gap: consider OOB data on both sides when evaluation possible security level

2025-03-02 22:13:36 +00:00 · 2021-08-26 15:29:26 +02:00 · 2021-08-26 15:29:26 +02:00 · 61298c1c4f
commit 61298c1c4f
parent ebde8a6099
1 changed files with 34 additions and 3 deletions
--- a/src/hci.c
+++ b/src/hci.c
@ -2831,9 +2831,40 @@ static void event_handler(uint8_t *packet, uint16_t size){

            // assess security based on io capabilities
            if (conn->authentication_flags & AUTH_FLAG_RECV_IO_CAPABILITIES_RESPONSE){
-                // responder: fully validate io caps of both sides
-                if (!hci_ssp_security_level_possible_for_io_cap(conn->requested_security_level, hci_stack->ssp_io_capability, conn->io_cap_response_io)){
-                    log_info("IOCap insufficient for level %u -> abort", conn->requested_security_level);
+                // get requested security level
+                gap_security_level_t requested_security_level = conn->requested_security_level;
+                if (hci_stack->gap_secure_connections_only_mode){
+                    requested_security_level = LEVEL_4;
+                }
+
+                // responder: fully validate io caps of both sides as well as OOB data
+                bool security_possible = false;
+                security_possible = hci_ssp_security_level_possible_for_io_cap(requested_security_level, hci_stack->ssp_io_capability, conn->io_cap_response_io);
+
+#ifdef ENABLE_CLASSIC_PAIRING_OOB
+                // We assume that both Controller can reach LEVEL 4, if one side has received P-192 and the other has received P-256,
+                // so we merge the OOB data availability
+                uint8_t have_oob_data = conn->io_cap_response_oob_data;
+                if (conn->classic_oob_c_192 != NULL){
+                    have_oob_data |= 1;
+                }
+                if (conn->classic_oob_c_256 != NULL){
+                    have_oob_data |= 2;
+                }
+                // for up to Level 3, either P-192 as well as P-256 will do
+                // if we don't support SC, then a) conn->classic_oob_c_256 will be NULL and b) remote should not report P-256 available
+                // if remote does not SC, we should not receive P-256 data either
+                if ((requested_security_level <= LEVEL_3) && (have_oob_data != 0)){
+                    security_possible = true;
+                }
+                // for Level 4, P-256 is needed
+                if ((requested_security_level == LEVEL_4 && ((have_oob_data & 2) != 0))){
+                    security_possible = true;
+                }
+#endif
+
+                if (security_possible == false){
+                    log_info("IOCap/OOB insufficient for level %u -> abort", conn->requested_security_level);
                    hci_pairing_complete(conn, ERROR_CODE_INSUFFICIENT_SECURITY);
                    connectionSetAuthenticationFlags(conn, AUTH_FLAG_SEND_IO_CAPABILITIES_NEGATIVE_REPLY);
                    break;