From fb8ba0dbcd59b0f55263e5be12c95aa6e35ceca0 Mon Sep 17 00:00:00 2001 From: "matthias.ringwald@gmail.com" Date: Fri, 17 Jan 2014 12:01:32 +0000 Subject: [PATCH] GAP update to higher security level working --- example/libusb/spp_counter.c | 2 ++ include/btstack/hci_cmds.h | 18 ++++++++++++++++++ src/hci.c | 7 ++++--- src/hci.h | 5 ++--- src/l2cap.c | 2 +- 5 files changed, 27 insertions(+), 7 deletions(-) diff --git a/example/libusb/spp_counter.c b/example/libusb/spp_counter.c index 6bfa08a80..9bce09fa1 100644 --- a/example/libusb/spp_counter.c +++ b/example/libusb/spp_counter.c @@ -149,6 +149,8 @@ void setup(void){ sdp_create_spp_service( spp_service_buffer, RFCOMM_SERVER_CHANNEL, "SPP Counter"); printf("SDP service record size: %u\n\r", de_get_len(spp_service_buffer)); sdp_register_service_internal(NULL, spp_service_buffer); + + hci_ssp_set_io_capability(SSP_IO_CAPABILITY_DISPLAY_YES_NO); } // main == setup diff --git a/include/btstack/hci_cmds.h b/include/btstack/hci_cmds.h index 12e65bc1b..1b1cfa91e 100644 --- a/include/btstack/hci_cmds.h +++ b/include/btstack/hci_cmds.h @@ -311,6 +311,24 @@ extern "C" { * SSP Authentication Requirements, see IO Capability Request Reply Commmand */ +// Numeric comparison with automatic accept allowed. +#define SSP_IO_AUTHREQ_MITM_PROTECTION_NOT_REQUIRED_NO_BONDING 0x00 + +// Use IO Capabilities to deter- mine authentication procedure +#define SSP_IO_AUTHREQ_MITM_PROTECTION_REQUIRED_NO_BONDING 0x01 + +// Numeric compar- ison with automatic accept allowed. +#define SSP_IO_AUTHREQ_MITM_PROTECTION_NOT_REQUIRED_DEDICATED_BONDING 0x02 + +// Use IO Capabilities to determine authentication procedure +#define SSP_IO_AUTHREQ_MITM_PROTECTION_REQUIRED_DEDICATED_BONDING 0x03 + +// Numeric Compari- son with automatic accept allowed. +#define SSP_IO_AUTHREQ_MITM_PROTECTION_NOT_REQUIRED_GENERAL_BONDING 0x04 + +// . Use IO capabilities to determine authentication procedure. +#define SSP_IO_AUTHREQ_MITM_PROTECTION_REQUIRED_GENERAL_BONDING 0x05 + /** * Hardware state of Bluetooth controller */ diff --git a/src/hci.c b/src/hci.c index 608dd1ba4..aaefbed64 100644 --- a/src/hci.c +++ b/src/hci.c @@ -714,7 +714,6 @@ static void event_handler(uint8_t *packet, int size){ if (gap_security_level_for_link_key_type(conn->link_key_type) >= conn->requested_security_level){ // link key sufficient for requested security conn->bonding_flags |= BONDING_SEND_ENCRYPTION_REQUEST; - return; } else { // not enough hci_emit_security_level(handle, gap_security_level_for_connection(conn)); @@ -1824,7 +1823,7 @@ void gap_request_security_level(hci_con_handle_t con_handle, gap_security_level_ connection->requested_security_level = requested_level; - // would enabling ecnryption suffice? + // would enabling ecnryption suffice (>= LEVEL_2)? if (hci_stack.remote_device_db){ link_key_type_t link_key_type; link_key_t link_key; @@ -1836,7 +1835,9 @@ void gap_request_security_level(hci_con_handle_t con_handle, gap_security_level_ } } + // setup SSP AuthRequirements, we need MITM to go higher + hci_stack.ssp_authentication_requirement |= 1; // MITM required + // try to authenticate connection connection->bonding_flags |= BONDING_SEND_AUTHENTICATE_REQUEST; - // connection->bonding_flags |= BONDING_REQUESTED; } diff --git a/src/hci.h b/src/hci.h index f7e5f1858..3a2861fa4 100644 --- a/src/hci.h +++ b/src/hci.h @@ -237,9 +237,8 @@ typedef enum { BONDING_RECEIVED_REMOTE_FEATURES = 0x02, BONDING_REMOTE_SUPPORTS_SSP = 0x04, BONDING_DISCONNECT_SECURITY_BLOCK = 0x08, - BONDING_REQUESTED = 0x10, - BONDING_SEND_AUTHENTICATE_REQUEST = 0x20, - BONDING_SEND_ENCRYPTION_REQUEST = 0x40, + BONDING_SEND_AUTHENTICATE_REQUEST = 0x10, + BONDING_SEND_ENCRYPTION_REQUEST = 0x20, } bonding_flags_t; typedef enum { diff --git a/src/l2cap.c b/src/l2cap.c index a80695533..c256df362 100644 --- a/src/l2cap.c +++ b/src/l2cap.c @@ -840,7 +840,7 @@ static void l2cap_handle_connection_request(hci_con_handle_t handle, uint8_t sig if (psm != PSM_SDP && hci_local_ssp_activated() && hci_remote_ssp_supported(handle) - && gap_security_level(handle) == LEVEL_0){ + && gap_security_level(handle) == LEVEL_3){ // 0x0003 Security Block l2cap_register_signaling_response(handle, CONNECTION_REQUEST, sig_id, 0x0003);