request security level 0 for l2cap services

2025-03-23 01:21:28 +00:00 · 2014-01-16 23:15:21 +00:00 · 2014-01-16 23:15:21 +00:00 · f85a9399b2
commit f85a9399b2
parent 2bd8b7e7f3
4 changed files with 41 additions and 21 deletions
--- a/include/btstack/hci_cmds.h
+++ b/include/btstack/hci_cmds.h
@ -252,7 +252,8 @@ extern "C" {
 // Error Code
 #define ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER 	       0x02
 #define ERROR_CODE_PAIRING_NOT_ALLOWED					   0x18
-
+#define ERROR_CODE_INSUFFICIENT_SECURITY 				   0x2F
+ 
 // last error code in 2.1 is 0x38 - we start with 0x50 for BTstack errors
 #define BTSTACK_CONNECTION_TO_BTDAEMON_FAILED              0x50
 #define BTSTACK_ACTIVATION_FAILED_SYSTEM_BLUETOOTH		   0x51
--- a/src/hci.c
+++ b/src/hci.c
@ -1770,11 +1770,18 @@ gap_security_level_t gap_security_level(hci_con_handle_t con_handle){
 * @result GAP_AUTHENTICATION_RESULT
 */
 void gap_request_security_level(hci_con_handle_t con_handle, gap_security_level_t level){
-    hci_connection_t * connection = hci_connection_for_handle(con_handle);
-    if (!connection){
-        hci_emit_security_level(con_handle, ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER, LEVEL_0);
-        return;
-    }
-    //
-
+    // hci_connection_t * connection = hci_connection_for_handle(con_handle);
+    // if (!connection){
+    //     hci_emit_security_level(con_handle, ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER, LEVEL_0);
+    //     return;
+    // }
+    // gap_security_level_t current_level = gap_security_level(con_handle);
+    // if (ggap_security_level_t >= level){
+    //     hci_emit_security_level(con_handle, 0, gap_security_level_t);
+    //     return;
+    // }
+    // connection->bonding_flags |= 
+    
+    // magic!
+    hci_emit_security_level(con_handle, 0, level);
 }
--- a/src/l2cap.c
+++ b/src/l2cap.c
@ -769,6 +769,25 @@ void l2cap_event_handler( uint8_t *packet, uint16_t size ){
                (*security_protocol_packet_handler)(HCI_EVENT_PACKET, 0, packet, size);
            }
            break;
+
+        case GAP_AUTHENTICATION_RESULT:
+            handle = READ_BT_16(packet, 3);
+            for (it = (linked_item_t *) l2cap_channels; it ; it = it->next){
+                channel = (l2cap_channel_t *) it;
+                if (channel->handle != handle) continue;
+                if (channel->state  != L2CAP_STATE_WAIT_AUTHENTICATION_RESULT) continue;
+                if (packet[2]){
+                    // fail
+                    channel->reason = 0x03; // security block
+                    channel->state = L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_DECLINE;
+                } else {
+                    // success
+                    // @todo check sercurity level again
+                    channel->state = L2CAP_STATE_WAIT_CLIENT_ACCEPT_OR_REJECT;
+                    l2cap_emit_connection_request(channel);
+                }
+            }
+            break;
            
        default:
            break;
@ -818,7 +837,7 @@ static void l2cap_handle_connection_request(hci_con_handle_t handle, uint8_t sig
        && hci_local_ssp_activated()
        && hci_remote_ssp_supported(handle)
        && gap_security_level(handle) == LEVEL_0){
-        
+
        // 0x0003 Security Block
        l2cap_register_signaling_response(handle, CONNECTION_REQUEST, sig_id, 0x0003);
        return;
@ -853,23 +872,15 @@ static void l2cap_handle_connection_request(hci_con_handle_t handle, uint8_t sig
    }
    
    // set initial state
-    channel->state = L2CAP_STATE_WAIT_CLIENT_ACCEPT_OR_REJECT;
+    channel->state = L2CAP_STATE_WAIT_AUTHENTICATION_RESULT;
    channel->state_var = L2CAP_CHANNEL_STATE_VAR_SEND_CONN_RESP_PEND;
    
    // add to connections list
    linked_list_add(&l2cap_channels, (linked_item_t *) channel);

-    // check security requirements
-    // gap_security_level_t current_level  = gap_security_level(handle);
-    // gap_security_level_t required_level = LEVEL_2;
-    // if (current_level < required_level){
-    //     channel->state = L2CAP_STATE_WAIT_AUTHENTICATION_RESULT;
-    //     gap_request_security_level(handle, required_level);
-    //     return;        
-    // }
-
-    // emit incoming connection request
-    l2cap_emit_connection_request(channel);
+    // assert security requirements
+    gap_security_level_t required_level = LEVEL_0;
+    gap_request_security_level(handle, required_level);
 }

 void l2cap_accept_connection_internal(uint16_t local_cid){
--- a/src/l2cap.h
+++ b/src/l2cap.h
@ -100,6 +100,7 @@ typedef enum {
    L2CAP_STATE_OPEN,
    L2CAP_STATE_WAIT_DISCONNECT,  // from application
    L2CAP_STATE_WILL_SEND_CONNECTION_REQUEST,
+    L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_INSUFFICIENT_SECURITY,
    L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_DECLINE,
    L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_ACCEPT,   
    L2CAP_STATE_WILL_SEND_DISCONNECT_REQUEST,