From 9218acdc65385bff74db6d862d6ff6355d837fab Mon Sep 17 00:00:00 2001 From: "matthias.ringwald@gmail.com" Date: Mon, 6 Jan 2014 12:07:15 +0000 Subject: [PATCH] implement sm_encryption_key_size --- ble/sm.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/ble/sm.c b/ble/sm.c index baffb2ed0..cfa7ed93d 100644 --- a/ble/sm.c +++ b/ble/sm.c @@ -182,7 +182,6 @@ static uint8_t sm_accepted_stk_generation_methods; static uint8_t sm_max_encryption_key_size; static uint8_t sm_min_encryption_key_size; -static uint8_t sm_encryption_key_size; static uint8_t sm_s_auth_req = 0; static uint8_t sm_s_io_capabilities = IO_CAPABILITY_UNKNOWN; static uint8_t sm_s_request_security = 0; @@ -202,6 +201,8 @@ static int sm_central_ah_calculation_active; // static uint8_t sm_s_addr_type; static bd_addr_t sm_s_address; +static uint8_t sm_actual_encryption_key_size; +static uint8_t sm_connection_encrypted; // PER INSTANCE DATA @@ -1086,9 +1087,9 @@ static void sm_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *pac } // min{} - sm_encryption_key_size = sm_max_encryption_key_size; + sm_actual_encryption_key_size = sm_max_encryption_key_size; if (sm_m_max_encryption_key_size < sm_max_encryption_key_size){ - sm_encryption_key_size = sm_m_max_encryption_key_size; + sm_actual_encryption_key_size = sm_m_max_encryption_key_size; } // setup key distribution @@ -1275,6 +1276,8 @@ static void sm_event_packet_handler (void * connection, uint8_t packet_type, uin printf("Incoming connection, own address "); print_bd_addr(sm_s_address); + sm_connection_encrypted = 0; + // request security if (sm_s_request_security){ sm_state_responding = SM_STATE_SEND_SECURITY_REQUEST; @@ -1310,10 +1313,10 @@ static void sm_event_packet_handler (void * connection, uint8_t packet_type, uin // re-establish used key encryption size if (sm_max_encryption_key_size == sm_min_encryption_key_size){ - sm_encryption_key_size = sm_max_encryption_key_size; + sm_actual_encryption_key_size = sm_max_encryption_key_size; } else { // no db for encryption size hack: encryption size is stored in lowest nibble of sm_s_rand - sm_encryption_key_size = (sm_s_rand[7] & 0x0f) + 1; + sm_actual_encryption_key_size = (sm_s_rand[7] & 0x0f) + 1; } log_info("LTK Request: recalculating with ediv 0x%04x", sm_s_ediv); @@ -1338,7 +1341,10 @@ static void sm_event_packet_handler (void * connection, uint8_t packet_type, uin break; case HCI_EVENT_ENCRYPTION_CHANGE: - log_info("Connection encrypted"); + if (sm_response_handle != READ_BT_16(packet, 3)) break; + sm_connection_encrypted = packet[5]; + log_info("Eencryption state change: %u", sm_connection_encrypted); + if (!sm_connection_encrypted) break; if (sm_state_responding == SM_STATE_PH2_W4_CONNECTION_ENCRYPTED) { sm_state_responding = SM_STATE_PH3_GET_RANDOM; } @@ -1444,7 +1450,7 @@ static void sm_event_packet_handler (void * connection, uint8_t packet_type, uin break; case SM_STATE_PH2_W4_STK: swap128(&packet[6], sm_s_ltk); - sm_truncate_key(sm_s_ltk, sm_encryption_key_size); + sm_truncate_key(sm_s_ltk, sm_actual_encryption_key_size); print_key("stk", sm_s_ltk); sm_state_responding = SM_STATE_PH2_SEND_STK; break; @@ -1486,7 +1492,7 @@ static void sm_event_packet_handler (void * connection, uint8_t packet_type, uin break; case SM_STATE_PH4_LTK_W4_ENC: swap128(&packet[6], sm_s_ltk); - sm_truncate_key(sm_s_ltk, sm_encryption_key_size); + sm_truncate_key(sm_s_ltk, sm_actual_encryption_key_size); print_key("ltk", sm_s_ltk); sm_state_responding = SM_STATE_PH4_SEND_LTK; break; @@ -1554,7 +1560,7 @@ static void sm_event_packet_handler (void * connection, uint8_t packet_type, uin case SM_STATE_PH3_W4_RANDOM: swap64(&packet[6], sm_s_rand); // no db for encryption size hack: encryption size is stored in lowest nibble of sm_s_rand - sm_s_rand[7] = (sm_s_rand[7] & 0xf0) + (sm_encryption_key_size - 1); + sm_s_rand[7] = (sm_s_rand[7] & 0xf0) + (sm_actual_encryption_key_size - 1); sm_state_responding = SM_STATE_PH3_GET_DIV; break; case SM_STATE_PH3_W4_DIV: @@ -1658,6 +1664,12 @@ void sm_init(){ l2cap_register_packet_handler(sm_event_packet_handler); } +// @returns 0 if not encrypted, 7-16 otherwise +int sm_encryption_key_size(uint8_t addr_type, bd_addr_t address){ + if (!sm_connection_encrypted) return 0; + return sm_actual_encryption_key_size; +} + // GAP Bonding API static int sm_get_connection(uint8_t addr_type, bd_addr_t address){ // TODO compare to current connection