mirror/btstack
1
0
Fork 0
mirror of https://github.com/bluekitchen/btstack.git synced 2025-02-26 00:40:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

sm: store LTK in db for SC. document key management strategy

Browse Source
This commit is contained in:
Matthias Ringwald 2016-06-23 12:57:43 +02:00
parent 2bacf59502
commit 613da3de46
1 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/ble/sm.c
View File

@ -1261,7 +1261,6 @@ static void sm_key_distribution_handle_all_received(sm_connection_t * sm_conn){
}
if (le_db_index >= 0){
le_device_db_local_counter_set(le_db_index, 0);
// store local CSRK
if (setup->sm_key_distribution_send_set & SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION){
@ -1277,9 +1276,10 @@ static void sm_key_distribution_handle_all_received(sm_connection_t * sm_conn){
le_device_db_remote_counter_set(le_db_index, 0);
}
// store encryption information
if (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION
&& setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_MASTER_IDENTIFICATION){
// store encryption information if a) secure connections or b) peer LTK, EDIV, RAND have been received
if ((setup->sm_use_secure_connections)
|| ( (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION)
&& (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_MASTER_IDENTIFICATION ))){
log_info("sm: set encryption information (key size %u, authenticatd %u)", sm_conn->sm_actual_encryption_key_size, sm_conn->sm_connection_authenticated);
le_device_db_encryption_set(le_db_index, setup->sm_peer_ediv, setup->sm_peer_rand, setup->sm_peer_ltk,
sm_conn->sm_actual_encryption_key_size, sm_conn->sm_connection_authenticated, sm_conn->sm_connection_authorization_state == AUTHORIZATION_GRANTED);
@ -1393,6 +1393,11 @@ static void sm_sc_cmac_done(uint8_t * hash){
sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_F5_LTK;
break;
case SM_SC_W4_CALCULATE_F5_LTK:
// store data for later key storage
setup->sm_peer_ediv = 0;
memset(setup->sm_peer_rand, 0, 8);
memcpy(setup->sm_peer_ltk, hash, 16);
// store generated LTK and continue
memcpy(setup->sm_ltk, hash, 16);
sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_F6_FOR_DHKEY_CHECK;
break;
@ -1697,6 +1702,15 @@ static void h6_calculate_br_edr_link_key(sm_connection_t * sm_conn){
#endif
// key management legacy connections:
// - potentially two different LTKs based on direction. each device stores LTK provided by peer
// - master stores LTK, EDIV, RAND. responder optionally stored master LTK (only if it needs to reconnect)
// - initiators reconnects: initiator uses stored LTK, EDIV, RAND generated by responder
// - responder reconnects: responder uses LTK receveived from master
// key management secure connections:
// - both devices store same LTK from ECDH key exchange.
static void sm_load_security_info(sm_connection_t * sm_connection){
int encryption_key_size;
int authenticated;