sm: abort pairing with invalid parameter error for encryption key size > 16

Matthias Ringwald 2024-01-09 16:01:00 +01:00
parent 6e821f1c6c
commit afbd946d92
2 changed files with 31 additions and 3 deletions


@ -10,9 +10,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
### Added ### Added
### Fixed ### Fixed
- HFP HF: send HF Indicator update only if enabled by AG - HFP HF: send HF Indicator update only if enabled by AG
- SM: abort pairing with invalid parameter error for encryption key size > 16
### Changed ### Changed
## Release v1.6 ## Release v1.6
### Added ### Added


@ -4339,6 +4339,7 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin
log_debug("sm_pdu_handler: state %u, pdu 0x%02x", sm_conn->sm_engine_state, sm_pdu_code); log_debug("sm_pdu_handler: state %u, pdu 0x%02x", sm_conn->sm_engine_state, sm_pdu_code);
int err; int err;
uint8_t max_encryption_key_size;
UNUSED(err); UNUSED(err);
if (sm_pdu_code == SM_CODE_KEYPRESS_NOTIFICATION){ if (sm_pdu_code == SM_CODE_KEYPRESS_NOTIFICATION){
@ -4386,6 +4387,14 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin
// store pairing request // store pairing request
(void)memcpy(&setup->sm_s_pres, packet, (void)memcpy(&setup->sm_s_pres, packet,
sizeof(sm_pairing_packet_t)); sizeof(sm_pairing_packet_t));
// validate encryption key size
max_encryption_key_size = sm_pairing_packet_get_max_encryption_key_size(setup->sm_s_pres);
if ((max_encryption_key_size < 7) || (max_encryption_key_size > 16)){
sm_pairing_error(sm_conn, SM_REASON_INVALID_PARAMETERS);
break;
}
err = sm_stk_generation_init(sm_conn); err = sm_stk_generation_init(sm_conn);
#ifdef ENABLE_TESTING_SUPPORT #ifdef ENABLE_TESTING_SUPPORT
@ -4485,6 +4494,13 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin
// store pairing request // store pairing request
(void)memcpy(&sm_conn->sm_m_preq, packet, sizeof(sm_pairing_packet_t)); (void)memcpy(&sm_conn->sm_m_preq, packet, sizeof(sm_pairing_packet_t));
// validation encryption key size
max_encryption_key_size = sm_pairing_packet_get_max_encryption_key_size(sm_conn->sm_m_preq);
if ((max_encryption_key_size < 7) || (max_encryption_key_size > 16)){
sm_pairing_error(sm_conn, SM_REASON_INVALID_PARAMETERS);
break;
}
// check if IRK completed // check if IRK completed
switch (sm_conn->sm_irk_lookup_state){ switch (sm_conn->sm_irk_lookup_state){
case IRK_LOOKUP_SUCCEEDED: case IRK_LOOKUP_SUCCEEDED:
@ -4804,7 +4820,12 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin
(void)memcpy(&setup->sm_s_pres, packet, sizeof(sm_pairing_packet_t)); (void)memcpy(&setup->sm_s_pres, packet, sizeof(sm_pairing_packet_t));
// validate encryption key size // validate encryption key size
sm_conn->sm_actual_encryption_key_size = sm_calc_actual_encryption_key_size(sm_pairing_packet_get_max_encryption_key_size(setup->sm_s_pres)); max_encryption_key_size = sm_pairing_packet_get_max_encryption_key_size(setup->sm_s_pres);
if ((max_encryption_key_size < 7) || (max_encryption_key_size > 16)){
sm_pairing_error(sm_conn, SM_REASON_INVALID_PARAMETERS);
break;
}
sm_conn->sm_actual_encryption_key_size = sm_calc_actual_encryption_key_size(max_encryption_key_size);
// SC Only mandates 128 bit key size // SC Only mandates 128 bit key size
if (sm_sc_only_mode && (sm_conn->sm_actual_encryption_key_size < 16)) { if (sm_sc_only_mode && (sm_conn->sm_actual_encryption_key_size < 16)) {
sm_conn->sm_actual_encryption_key_size = 0; sm_conn->sm_actual_encryption_key_size = 0;
@ -4832,10 +4853,17 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin
sm_pdu_received_in_wrong_state(sm_conn); sm_pdu_received_in_wrong_state(sm_conn);
break; break;
} }
// store pairing request // store pairing request
(void)memcpy(&sm_conn->sm_m_preq, packet, sizeof(sm_pairing_packet_t)); (void)memcpy(&sm_conn->sm_m_preq, packet, sizeof(sm_pairing_packet_t));
// validate encryption key size // validate encryption key size
sm_conn->sm_actual_encryption_key_size = sm_calc_actual_encryption_key_size(sm_pairing_packet_get_max_encryption_key_size(sm_conn->sm_m_preq)); max_encryption_key_size = sm_pairing_packet_get_max_encryption_key_size(setup->sm_m_preq);
if ((max_encryption_key_size < 7) || (max_encryption_key_size > 16)){
sm_pairing_error(sm_conn, SM_REASON_INVALID_PARAMETERS);
break;
}
sm_conn->sm_actual_encryption_key_size = sm_calc_actual_encryption_key_size(max_encryption_key_size);
// SC Only mandates 128 bit key size // SC Only mandates 128 bit key size
if (sm_sc_only_mode && (sm_conn->sm_actual_encryption_key_size < 16)) { if (sm_sc_only_mode && (sm_conn->sm_actual_encryption_key_size < 16)) {
sm_conn->sm_actual_encryption_key_size = 0; sm_conn->sm_actual_encryption_key_size = 0;
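Review bot: In the last hunk the pairing request is copied into `sm_conn->sm_m_preq`, but the new range check reads the key size from `setup->sm_m_preq`, whereas the line it replaces and the equivalent check in the third hunk both read `sm_conn->sm_m_preq`. Unless `setup->sm_m_preq` is already filled from this packet somewhere outside the hunk, the 7..16 check runs on stale or unset data, and a peer-supplied out-of-range value would reach `sm_calc_actual_encryption_key_size()` unvalidated. Read from the buffer that was just written: `max_encryption_key_size = sm_pairing_packet_get_max_encryption_key_size(sm_conn->sm_m_preq);`. The same four-line check now appears four times in sm_pdu_handler, whose body starts and ends outside these hunks, so a small static helper taking the pairing packet would keep the copies from drifting apart like this.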