sm: Cross-Transport Key Derivation requires ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
parent
1046568c8f
commit
6857ad8fd2
@ -21,7 +21,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|||||||
### Added
|
### Added
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
- SM: Cross-Transport Key Derivation requires ENABLE_CROSS_TRANSPORT_KEY_DERIVATION now
|
||||||
|
|
||||||
## Changes September 2020
|
## Changes September 2020
|
||||||
|
|
||||||
@ -89,7 +89,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
- HFP: Fix parsing of empty fields, e.g. phone number in +CLCC and other AT commands
|
- HFP: Fix parsing of empty fields, e.g. phone number in +CLCC and other AT commands
|
||||||
- sm: Fix validation of confirm value for secure connection Passkey entry
|
- SM: Fix validation of confirm value for secure connection Passkey entry
|
||||||
- AVRCP: handle concurrent signaling establishment with reject and retry
|
- AVRCP: handle concurrent signaling establishment with reject and retry
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
@ -105,7 +105,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|||||||
### Fixed
|
### Fixed
|
||||||
- hfp_hf, hsp_hs: use eSCO params in accept sco connection only for incoming eSCO connections
|
- hfp_hf, hsp_hs: use eSCO params in accept sco connection only for incoming eSCO connections
|
||||||
- pbap_client: fix PBAP UUID len on connect message
|
- pbap_client: fix PBAP UUID len on connect message
|
||||||
- sm: fix secure connection pairing as peripheral when local user confirmation happens after remote one
|
- SM: fix secure connection pairing as peripheral when local user confirmation happens after remote one
|
||||||
- A2DP Source: only connect to remote sink stream endpoints
|
- A2DP Source: only connect to remote sink stream endpoints
|
||||||
- btstack_hal_flash_memory: fix write of 0xff bytes to simulated flash
|
- btstack_hal_flash_memory: fix write of 0xff bytes to simulated flash
|
||||||
- hsp_hs: fix disconnect if audio not connected
|
- hsp_hs: fix disconnect if audio not connected
|
||||||
@ -116,7 +116,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|||||||
- GAP: gap_set_security_level sets required security level for incoming and outgoing connections
|
- GAP: gap_set_security_level sets required security level for incoming and outgoing connections
|
||||||
- cc256x: allow to specify power vector for each modulation type
|
- cc256x: allow to specify power vector for each modulation type
|
||||||
- FreeRTOS: btstack_run_loop_freertos_trigger_exit allows to request run loop exit
|
- FreeRTOS: btstack_run_loop_freertos_trigger_exit allows to request run loop exit
|
||||||
- sm: support LE Secure Connections Only mode with sm_set_secure_connections_only_mode
|
- SM: support LE Secure Connections Only mode with sm_set_secure_connections_only_mode
|
||||||
- GAP: enable BR/EDR Secure Connections if supported, add gap_secure_connections_enable
|
- GAP: enable BR/EDR Secure Connections if supported, add gap_secure_connections_enable
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
@ -93,9 +93,10 @@ ENABLE_LE_DATA_CHANNELS | Enable LE Data Channels in credit-based flow
|
|||||||
ENABLE_LE_DATA_LENGTH_EXTENSION | Enable LE Data Length Extension support
|
ENABLE_LE_DATA_LENGTH_EXTENSION | Enable LE Data Length Extension support
|
||||||
ENABLE_LE_SIGNED_WRITE | Enable LE Signed Writes in ATT/GATT
|
ENABLE_LE_SIGNED_WRITE | Enable LE Signed Writes in ATT/GATT
|
||||||
ENABLE_LE_PRIVACY_ADDRESS_RESOLUTION | Enable address resolution for resolvable private addresses in Controller
|
ENABLE_LE_PRIVACY_ADDRESS_RESOLUTION | Enable address resolution for resolvable private addresses in Controller
|
||||||
ENABLE_ATT_DELAYED_RESPONSE | Enable support for delayed ATT operations, see [GATT Server](profiles/#sec:GATTServerProfile)
|
ENABLE_CROSS_TRANSPORT_KEY_DERIVATION | Enable Cross-Transport Key Derivation (CTKD) for Secure Connections
|
||||||
ENABLE_L2CAP_ENHANCED_RETRANSMISSION_MODE | Enable L2CAP Enhanced Retransmission Mode. Mandatory for AVRCP Browsing
|
ENABLE_L2CAP_ENHANCED_RETRANSMISSION_MODE | Enable L2CAP Enhanced Retransmission Mode. Mandatory for AVRCP Browsing
|
||||||
ENABLE_HCI_CONTROLLER_TO_HOST_FLOW_CONTROL | Enable HCI Controller to Host Flow Control, see below
|
ENABLE_HCI_CONTROLLER_TO_HOST_FLOW_CONTROL | Enable HCI Controller to Host Flow Control, see below
|
||||||
|
ENABLE_ATT_DELAYED_RESPONSE | Enable support for delayed ATT operations, see [GATT Server](profiles/#sec:GATTServerProfile)
|
||||||
ENABLE_CC256X_BAUDRATE_CHANGE_FLOWCONTROL_BUG_WORKAROUND | Enable workaround for bug in CC256x Flow Control during baud rate change, see chipset docs.
|
ENABLE_CC256X_BAUDRATE_CHANGE_FLOWCONTROL_BUG_WORKAROUND | Enable workaround for bug in CC256x Flow Control during baud rate change, see chipset docs.
|
||||||
ENABLE_CYPRESS_BAUDRATE_CHANGE_FLOWCONTROL_BUG_WORKAROUND | Enable workaround for bug in CYW2070x Flow Control during baud rate change, similar to CC256x.
|
ENABLE_CYPRESS_BAUDRATE_CHANGE_FLOWCONTROL_BUG_WORKAROUND | Enable workaround for bug in CYW2070x Flow Control during baud rate change, similar to CC256x.
|
||||||
ENABLE_LE_LIMIT_ACL_FRAGMENT_BY_MAX_OCTETS | Force HCI to fragment ACL-LE packets to fit into over-the-air packet
|
ENABLE_LE_LIMIT_ACL_FRAGMENT_BY_MAX_OCTETS | Force HCI to fragment ACL-LE packets to fit into over-the-air packet
|
||||||
|
15
src/ble/sm.c
15
src/ble/sm.c
@ -60,6 +60,10 @@
|
|||||||
#error "LE Security Manager used, but neither ENABLE_LE_PERIPHERAL nor ENABLE_LE_CENTRAL defined. Please add at least one to btstack_config.h."
|
#error "LE Security Manager used, but neither ENABLE_LE_PERIPHERAL nor ENABLE_LE_CENTRAL defined. Please add at least one to btstack_config.h."
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(ENABLE_CROSS_TRANSPORT_KEY_DERIVATION) && !defined(ENABLE_CLASSIC)
|
||||||
|
#error "Cross Transport Key Derivation requires BR/EDR (Classic) support"
|
||||||
|
#endif
|
||||||
|
|
||||||
// assert SM Public Key can be sent/received
|
// assert SM Public Key can be sent/received
|
||||||
#ifdef ENABLE_LE_SECURE_CONNECTIONS
|
#ifdef ENABLE_LE_SECURE_CONNECTIONS
|
||||||
#if HCI_ACL_PAYLOAD_SIZE < 69
|
#if HCI_ACL_PAYLOAD_SIZE < 69
|
||||||
@ -83,6 +87,7 @@
|
|||||||
#define USE_CMAC_ENGINE
|
#define USE_CMAC_ENGINE
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#define BTSTACK_TAG32(A,B,C,D) (((A) << 24) | ((B) << 16) | ((C) << 8) | (D))
|
#define BTSTACK_TAG32(A,B,C,D) (((A) << 24) | ((B) << 16) | ((C) << 8) | (D))
|
||||||
|
|
||||||
//
|
//
|
||||||
@ -1452,7 +1457,7 @@ static void sm_sc_cmac_done(uint8_t * hash){
|
|||||||
|
|
||||||
sm_connection_t * sm_conn = sm_cmac_connection;
|
sm_connection_t * sm_conn = sm_cmac_connection;
|
||||||
sm_cmac_connection = NULL;
|
sm_cmac_connection = NULL;
|
||||||
#ifdef ENABLE_CLASSIC
|
#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
|
||||||
link_key_type_t link_key_type;
|
link_key_type_t link_key_type;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1520,7 +1525,7 @@ static void sm_sc_cmac_done(uint8_t * hash){
|
|||||||
sm_conn->sm_engine_state = SM_INITIATOR_PH3_SEND_START_ENCRYPTION;
|
sm_conn->sm_engine_state = SM_INITIATOR_PH3_SEND_START_ENCRYPTION;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
#ifdef ENABLE_CLASSIC
|
#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
|
||||||
case SM_SC_W4_CALCULATE_H6_ILK:
|
case SM_SC_W4_CALCULATE_H6_ILK:
|
||||||
(void)memcpy(setup->sm_t, hash, 16);
|
(void)memcpy(setup->sm_t, hash, 16);
|
||||||
sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_H6_BR_EDR_LINK_KEY;
|
sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_H6_BR_EDR_LINK_KEY;
|
||||||
@ -2345,7 +2350,7 @@ static void sm_run(void){
|
|||||||
connection->sm_engine_state = SM_SC_W4_CALCULATE_G2;
|
connection->sm_engine_state = SM_SC_W4_CALCULATE_G2;
|
||||||
g2_calculate(connection);
|
g2_calculate(connection);
|
||||||
break;
|
break;
|
||||||
#ifdef ENABLE_CLASSIC
|
#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
|
||||||
case SM_SC_W2_CALCULATE_H6_ILK:
|
case SM_SC_W2_CALCULATE_H6_ILK:
|
||||||
if (!sm_cmac_ready()) break;
|
if (!sm_cmac_ready()) break;
|
||||||
connection->sm_engine_state = SM_SC_W4_CALCULATE_H6_ILK;
|
connection->sm_engine_state = SM_SC_W4_CALCULATE_H6_ILK;
|
||||||
@ -2944,7 +2949,7 @@ static void sm_handle_encryption_result_enc_csrk(void *arg){
|
|||||||
// slave -> receive master keys
|
// slave -> receive master keys
|
||||||
connection->sm_engine_state = SM_PH3_RECEIVE_KEYS;
|
connection->sm_engine_state = SM_PH3_RECEIVE_KEYS;
|
||||||
} else {
|
} else {
|
||||||
#ifdef ENABLE_CLASSIC
|
#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
|
||||||
if (sm_ctkd_from_le()){
|
if (sm_ctkd_from_le()){
|
||||||
connection->sm_engine_state = SM_SC_W2_CALCULATE_H6_ILK;
|
connection->sm_engine_state = SM_SC_W2_CALCULATE_H6_ILK;
|
||||||
} else
|
} else
|
||||||
@ -4000,7 +4005,7 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin
|
|||||||
sm_key_distribution_handle_all_received(sm_conn);
|
sm_key_distribution_handle_all_received(sm_conn);
|
||||||
|
|
||||||
if (IS_RESPONDER(sm_conn->sm_role)){
|
if (IS_RESPONDER(sm_conn->sm_role)){
|
||||||
#ifdef ENABLE_CLASSIC
|
#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
|
||||||
if (sm_ctkd_from_le()){
|
if (sm_ctkd_from_le()){
|
||||||
sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_H6_ILK;
|
sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_H6_ILK;
|
||||||
} else
|
} else
|
||||||
|
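Review bot: The compile-time guard added near the top of sm.c rejects ENABLE_CROSS_TRANSPORT_KEY_DERIVATION only when ENABLE_CLASSIC is missing, yet every block it now gates uses Secure Connections states (`SM_SC_W4_CALCULATE_H6_ILK`, `SM_SC_W2_CALCULATE_H6_ILK`), and the manual row added in this commit describes CTKD as a Secure Connections feature. If those states and `sm_ctkd_from_le()` are compiled only under ENABLE_LE_SECURE_CONNECTIONS (not visible in these hunks), a configuration with CTKD but without SC would fail with unrelated-looking errors, so a second guard would make the dependency explicit: `#if defined(ENABLE_CROSS_TRANSPORT_KEY_DERIVATION) && !defined(ENABLE_LE_SECURE_CONNECTIONS)`, `#error "Cross Transport Key Derivation requires LE Secure Connections"`, `#endif`. A short comment at the `sm_ctkd_from_le()` call sites in `sm_handle_encryption_result_enc_csrk` and `sm_pdu_handler` would also help, stating that a BR/EDR link key is derived from the LE pairing only when this flag is set, because existing ENABLE_CLASSIC builds no longer get that behaviour. All of the touched functions start and end outside the hunks shown.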