sm: drop LTK flag from Pairing Response for Secure Connections

2025-02-21 12:40:42 +00:00 · 2018-08-21 17:59:19 +02:00 · 2018-08-21 17:59:19 +02:00 · f55bd52945
commit f55bd52945
parent 44263cccde
2 changed files with 17 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,7 +11,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.

 ### Fixed
 - GATT Server: Allow enable Notifications/Indication with Write Command. Fixes issue with some Android devices.
- SM: Fix pairing for Secure Connections with Bonding if remote sends additional keys
+- SM: fix pairing for Secure Connections with Bonding if remote sends additional keys
+- SM: drop LTK flag from Pairing Response for Secure Connections

 ## Changes June 2018

--- a/src/ble/sm.c
+++ b/src/ble/sm.c
@ -2358,21 +2358,30 @@ static void sm_run(void){

 #ifdef ENABLE_LE_PERIPHERAL
            case SM_RESPONDER_PH1_SEND_PAIRING_RESPONSE:
-                // echo initiator for now
                sm_pairing_packet_set_code(setup->sm_s_pres,SM_CODE_PAIRING_RESPONSE);
+
+                // start with initiator key dist flags
                key_distribution_flags = sm_key_distribution_flags_for_auth_req();

+#ifdef ENABLE_LE_SECURE_CONNECTIONS
+                // LTK (= encyrption information & master identification) only exchanged for LE Legacy Connection
+                if (setup->sm_use_secure_connections){
+                    key_distribution_flags &= ~SM_KEYDIST_ENC_KEY;
+                }
+#endif
+                // setup in response 
+                sm_pairing_packet_set_initiator_key_distribution(setup->sm_s_pres, sm_pairing_packet_get_initiator_key_distribution(setup->sm_m_preq) & key_distribution_flags);
+                sm_pairing_packet_set_responder_key_distribution(setup->sm_s_pres, sm_pairing_packet_get_responder_key_distribution(setup->sm_m_preq) & key_distribution_flags);
+
+                // update key distribution after ENC was dropped
+                sm_setup_key_distribution(sm_pairing_packet_get_responder_key_distribution(setup->sm_s_pres));
+
                if (setup->sm_use_secure_connections){
                    connection->sm_engine_state = SM_SC_W4_PUBLIC_KEY_COMMAND;
                } else {
                    connection->sm_engine_state = SM_RESPONDER_PH1_W4_PAIRING_CONFIRM;
                }

-                sm_pairing_packet_set_initiator_key_distribution(setup->sm_s_pres, sm_pairing_packet_get_initiator_key_distribution(setup->sm_m_preq) & key_distribution_flags);
-                sm_pairing_packet_set_responder_key_distribution(setup->sm_s_pres, sm_pairing_packet_get_responder_key_distribution(setup->sm_m_preq) & key_distribution_flags);
-                // update key distribution after ENC was dropped
-                sm_setup_key_distribution(sm_pairing_packet_get_responder_key_distribution(setup->sm_s_pres));
-
                l2cap_send_connectionless(connection->sm_handle, L2CAP_CID_SECURITY_MANAGER_PROTOCOL, (uint8_t*) &setup->sm_s_pres, sizeof(sm_pairing_packet_t));
                sm_timeout_reset(connection);
                // SC Numeric Comparison will trigger user response after public keys & nonces have been exchanged