diff --git a/port/libusb/gap_le_connect_to_1111.c b/port/libusb/gap_le_connect_to_1111.c index 7a72c1382..2ddbcf09b 100644 --- a/port/libusb/gap_le_connect_to_1111.c +++ b/port/libusb/gap_le_connect_to_1111.c @@ -85,8 +85,9 @@ static void gap_le_connect_to_1111_setup(void){ // sm_set_io_capabilities(IO_CAPABILITY_DISPLAY_ONLY); sm_set_authentication_requirements(SM_AUTHREQ_MITM_PROTECTION); #ifdef ENABLE_LE_SECURE_CONNECTIONS - // sm_set_authentication_requirements(SM_AUTHREQ_SECURE_CONNECTION|SM_AUTHREQ_MITM_PROTECTION); - sm_set_authentication_requirements(SM_AUTHREQ_SECURE_CONNECTION); + sm_set_authentication_requirements(SM_AUTHREQ_SECURE_CONNECTION|SM_AUTHREQ_MITM_PROTECTION); + // Just Works (no MITM requested) + // sm_set_authentication_requirements(SM_AUTHREQ_SECURE_CONNECTION); #endif } diff --git a/src/ble/sm.c b/src/ble/sm.c index d2469892c..14332f1e7 100644 --- a/src/ble/sm.c +++ b/src/ble/sm.c @@ -2611,11 +2611,16 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin } #ifdef ENABLE_LE_SECURE_CONNECTIONS if (setup->sm_use_secure_connections){ - sm_conn->sm_engine_state = SM_PH1_W4_USER_RESPONSE; - sm_trigger_user_response(sm_conn); - if (setup->sm_user_response == SM_USER_RESPONSE_IDLE){ + // SC Numeric Comparison will trigger user response after public keys & nonces have been exchanged + if (setup->sm_stk_generation_method == JUST_WORKS){ + sm_conn->sm_engine_state = SM_PH1_W4_USER_RESPONSE; + sm_trigger_user_response(sm_conn); + if (setup->sm_user_response == SM_USER_RESPONSE_IDLE){ + sm_conn->sm_engine_state = SM_PH2_SEND_PUBLIC_KEY_COMMAND; + } + } else { sm_conn->sm_engine_state = SM_PH2_SEND_PUBLIC_KEY_COMMAND; - } + } break; } #endif