track link keys from PIN request as authenticated

2025-03-23 19:20:51 +00:00 · 2014-01-16 18:19:38 +00:00 · 2014-01-16 18:19:38 +00:00 · 536f9994f0
commit 536f9994f0
parent 34f9eab8a3
3 changed files with 13 additions and 7 deletions
--- a/include/btstack/utils.h
+++ b/include/btstack/utils.h
@ -65,7 +65,7 @@ typedef uint8_t link_key_t[LINK_KEY_LEN];

 typedef enum {
 	LINK_KEY_TYPE_UNAUTHENTICATED,
-	LINK_KEY_TYPE_AUTHENTICATD,
+	LINK_KEY_TYPE_AUTHENTICATED,
 } link_key_type_t;

 /**
--- a/src/hci.c
+++ b/src/hci.c
@ -693,9 +693,8 @@ static void event_handler(uint8_t *packet, int size){
            if (!conn) break;
            if (packet[5]){
                conn->authentication_flags |= CONNECTION_ENCRYPTED;
-                // @TODO set authentication depending on pairing process
            } else {
-                conn->authentication_flags &= ~(CONNECTION_ENCRYPTED | CONNECTION_AUTHENTICATED);
+                conn->authentication_flags &= ~CONNECTION_ENCRYPTED;
            }
            break;

@ -1226,6 +1225,9 @@ void hci_run(){
            log_info("responding to link key request\n");
            if ( hci_stack.bondable && hci_stack.remote_device_db && hci_stack.remote_device_db->get_link_key( &connection->address, &link_key, &link_key_type)){
               hci_send_cmd(&hci_link_key_request_reply, connection->address, &link_key);
+               if (link_key_type == LINK_KEY_TYPE_AUTHENTICATED){
+                    connectionSetAuthenticationFlags(connection, HAVE_AUTHENTICATED_LINK_KEY);
+               }
            } else {
               hci_send_cmd(&hci_link_key_request_negative_reply, connection->address);
            }
@ -1524,9 +1526,10 @@ int hci_send_cmd_packet(uint8_t *packet, int size){
    if (IS_COMMAND(packet, hci_link_key_request_negative_reply)){
        hci_add_connection_flags_for_flipped_bd_addr(&packet[3], SENT_LINK_KEY_NEGATIVE_REQUEST);
    }
-    // if (IS_COMMAND(packet, hci_pin_code_request_reply)){
-    //     hci_add_connection_flags_for_flipped_bd_addr(&packet[3], SENT_PIN_CODE_REPLY);
-    // }
+    // Link key generated from PIN implies MITM protecion and authentication
+    if (IS_COMMAND(packet, hci_pin_code_request_reply)){
+        hci_add_connection_flags_for_flipped_bd_addr(&packet[3], HAVE_AUTHENTICATED_LINK_KEY);
+    }
    // if (IS_COMMAND(packet, hci_pin_code_request_negative_reply)){
    //     hci_add_connection_flags_for_flipped_bd_addr(&packet[3], SENT_PIN_CODE_NEGATIVE_REPLY);
    // }
--- a/src/hci.h
+++ b/src/hci.h
@ -214,9 +214,12 @@ typedef enum {
    SEND_USER_CONFIRM_REPLY        = 0x0400,
    RECV_USER_PASSKEY_REQUEST      = 0x0800,
    SEND_USER_PASSKEY_REPLY        = 0x1000,
+
+    // link key
+    HAVE_AUTHENTICATED_LINK_KEY    = 0x2000,
+
    // connection status
    CONNECTION_ENCRYPTED           = 0x2000,
-    CONNECTION_AUTHENTICATED       = 0x4000,

    // SENT_PIN_CODE_REPLY            = 0x0080, 
    // SENT_PIN_CODE_NEGATIVE_REPLY   = 0x0100,