btstack/doc/manual/docs/picts/gatt_client_security.txt


@startuml
' Reactive authentication with A as Central and GATT Client: security is raised
' only after the GATT Server on B rejects a request with ATT_ERROR_INSUFFICIENT_X.
' Colour key used below: #23DB2B marks a successful response, #FD5B41 an error
' delivered to the app.
title Reactive Authentication in Central Role
start
: App on A connects to B;
: App on A triggers GATT Client request;
' The first request goes out before any encryption or pairing step shown here.
: GATT Client request sent;
if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (yes)
' With ENABLE_GATT_CLIENT_PAIRING the stack reacts to the error on its own;
' without it the error is handed to the app (see the matching else branch).
if (ENABLE_GATT_CLIENT_PAIRING defined?) then (yes)
' Bonded peer: try to re-encrypt with the stored LTK before pairing again.
if (LTK available?) then (yes)
: SM_EVENT_REENCRYPTION_STARTED;
: start encryption;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
' Security-relevant: a failed re-encryption removes the stored bond and the flow
' falls through to a fresh pairing below; the diagram shows no app decision in
' between.
' NOTE(review): the diagram does not show which security level the new pairing
' has to reach; an app that relies on an authenticated bond should check the
' result after SM_EVENT_PAIRING_COMPLETE - confirm against the SM configuration.
: delete bonding information;
endif
endif
' Reached when no LTK is stored, or after the failed re-encryption above.
: SM_EVENT_PAIRING_STARTED;
: start pairing;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
#FD5B41 : App receives a GATT Client error;
stop
endif
else (no)
' No automatic pairing: the original ATT error is reported and the app decides.
#FD5B41: ATT_QUERY_COMPLETE(ATT_ERROR_INSUFFICIENT_X);
stop
note left
App can trigger pairing and
repeat the GATT Client request
end note
endif
else (no)
#23DB2B : App receives GATT Response;
stop
endif
@enduml
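@startuml
' Reactive authentication with A as Peripheral and GATT Client (B connects to A):
' security is raised only after the GATT Server rejects a request with
' ATT_ERROR_INSUFFICIENT_X.
' Colour key used below: #23DB2B marks a successful response, #FD5B41 an error
' delivered to the app.
title Reactive Authentication in Peripheral Role
start
: App on B connects to A;
: App on A triggers GATT Client request;
' The first request goes out before any encryption or pairing step shown here.
: GATT Client request sent;
if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (yes)
' With ENABLE_GATT_CLIENT_PAIRING the stack reacts to the error on its own;
' without it the error is handed to the app (see the matching else branch).
if (ENABLE_GATT_CLIENT_PAIRING defined?) then (yes)
if (LTK available?) then (yes)
: SM_EVENT_REENCRYPTION_STARTED;
' In this role A only asks: the Security Request invites B to encrypt, and the
' outcome depends on B acting on it ("should" in the next step).
: SM on A sends SECURITY REQUEST;
: SM on B should encrypt connection if LTK available;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
' Security-relevant: a failed re-encryption removes the stored bond and the flow
' falls through to a fresh pairing below; the diagram shows no app decision in
' between.
' NOTE(review): the diagram does not show which security level the new pairing
' has to reach; an app that relies on an authenticated bond should check the
' result after SM_EVENT_PAIRING_COMPLETE - confirm against the SM configuration.
: delete bonding information;
endif
endif
' Reached when no LTK is stored, or after the failed re-encryption above.
: SM_EVENT_PAIRING_STARTED;
: SM on A sends SECURITY REQUEST;
: SM on B should perform pairing sequence;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
#FD5B41 : App receives a GATT Client error;
stop
endif
else (no)
' No automatic pairing: the original ATT error is reported and the app decides.
#FD5B41: ATT_QUERY_COMPLETE(ATT_ERROR_INSUFFICIENT_X);
stop
note left
App can trigger pairing and
repeat the GATT Client request
end note
endif
else (no)
#23DB2B : App receives GATT Response;
stop
endif
@enduml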
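@startuml
' Mandatory authentication with A as Central and GATT Client: the app sets a
' required security level > 0 up front, and every failure path below ends in an
' error event to the app.
' Colour key used below: #23DB2B marks a successful response, #FD5B41 an error
' delivered to the app.
title Mandatory Authentication in Central Role
start
: App calls gatt_client_set_required_security_level (level > 0);
: App on A connects to B;
: App on A triggers GATT Client request;
' NOTE(review): the request is shown as "sent" here and again after encryption
' or pairing succeeds; presumably it is held back until the required level is
' reached - confirm against the GATT Client implementation.
: GATT Client request sent;
if (LTK available?) then (yes)
' Bonded peer: re-encrypt with the stored LTK.
: SM_EVENT_REENCRYPTION_STARTED;
: start encryption;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
' Security-relevant: no "delete bonding information" step and no automatic
' re-pairing is shown on this path; the failure is reported to the app.
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_BONDING_INFORMATION_MISSING;
stop
endif
else (no)
' No stored LTK: pair first, then send the request.
: SM_EVENT_PAIRING_STARTED;
: start pairing;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
' The reported error depends on the required level: 3 and above yield
' ATT_ERROR_INSUFFICIENT_AUTHENTICATION, lower levels
' ATT_ERROR_INSUFFICIENT_ENCRYPTION.
if (level >= 3) then (yes)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_AUTHENTICATION;
stop
else (no)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_ENCRYPTION;
stop
endif
endif
' Closes the outer "LTK available?" branch.
endif
@enduml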
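@startuml
' Mandatory authentication with A as Peripheral and GATT Client (B connects to
' A): the app sets a required security level > 0 up front, and every failure
' path below ends in an error event to the app.
' Colour key used below: #23DB2B marks a successful response, #FD5B41 an error
' delivered to the app.
title Mandatory Authentication in Peripheral Role
start
: App calls gatt_client_set_required_security_level (level > 0);
: App on B connects to A;
: App on A triggers GATT Client request;
' NOTE(review): the request is shown as "sent" here and again after encryption
' or pairing succeeds; presumably it is held back until the required level is
' reached - confirm against the GATT Client implementation.
: GATT Client request sent;
if (LTK available?) then (yes)
: SM_EVENT_REENCRYPTION_STARTED;
' In this role A only asks: the Security Request invites B to encrypt, and the
' outcome depends on B acting on it ("should" in the next step).
: SM on A sends SECURITY REQUEST;
: SM on B should encrypt connection if LTK available;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
' Security-relevant: no "delete bonding information" step and no automatic
' re-pairing is shown on this path; the failure is reported to the app.
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_BONDING_INFORMATION_MISSING;
stop
endif
else (no)
' No stored LTK: ask B to pair first, then send the request.
: SM_EVENT_PAIRING_STARTED;
: SM on A sends SECURITY REQUEST;
: SM on B should perform pairing sequence;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
' The reported error depends on the required level: 3 and above yield
' ATT_ERROR_INSUFFICIENT_AUTHENTICATION, lower levels
' ATT_ERROR_INSUFFICIENT_ENCRYPTION.
if (level >= 3) then (yes)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_AUTHENTICATION;
stop
else (no)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_ENCRYPTION;
stop
endif
endif
' Closes the outer "LTK available?" branch.
endif
@enduml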
@startuml
' Proactive authentication with A as Central: the Security Manager acts on
' connection complete, independently of the GATT Client.
' Branch order: the first "LTK available?" branch below is the (no) case.
' Colour key used below: #23DB2B marks a successful response, #FD5B41 an error
' delivered to the app.
title Proactive Authentication in Central Role
start
: A connects to B;
: SM checks if LTK available;
note right
SM actions triggered by
connection complete
(independent from GATT Client)
end note
: App triggers GATT Client request on A;
if (LTK available?) then (no)
' Not bonded: the request is sent first and security is raised only if the
' server answers with ATT_ERROR_INSUFFICIENT_X.
: GATT Client request sent;
if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (no)
#23DB2B : App receives GATT Response;
stop
else (yes)
' Without ENABLE_GATT_CLIENT_PAIRING the error goes straight to the app;
' with it the stack starts pairing and re-sends the request on success.
if (ENABLE_GATT_CLIENT_PAIRING defined?) then (no)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_X;
stop
else (yes)
: SM_EVENT_PAIRING_STARTED;
: start pairing;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_X;
stop
endif
endif
endif
else (yes)
' Bonded: re-encrypt with the stored LTK before the request is sent.
: SM_EVENT_REENCRYPTION_STARTED;
: start encryption;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
' Security-relevant: no automatic bond deletion or re-pairing is shown on this
' path; the note after the error step leaves deletion to the app.
' NOTE(review): the diagram gives the app only the error code, not the reason
' re-encryption failed; whether to drop the bond silently or ask the user first
' is a product decision - confirm.
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_BONDING_INFORMATION_MISSING;
stop
note right
App can delete bonding
information and repeat
the GATT Client request
end note
endif
endif
@enduml
@startuml
' Proactive authentication, Peripheral-role variant: the Security Manager acts
' on connection complete, independently of the GATT Client.
' NOTE(review): the steps below read the same as a Central-role flow ("A
' connects to B", "start encryption", "start pairing"), whereas the other
' Peripheral-role diagrams in this file show "B connects to A" and "SM on A
' sends SECURITY REQUEST" - confirm this diagram reflects the Peripheral role.
' Branch order: the first "LTK available?" branch below is the (no) case.
' Colour key used below: #23DB2B marks a successful response, #FD5B41 an error
' delivered to the app.
title Proactive Authentication in Peripheral Role
start
: A connects to B;
: SM checks if LTK available;
note right
SM actions triggered by
connection complete
(independent from GATT Client)
end note
: App triggers GATT Client request on A;
if (LTK available?) then (no)
' Not bonded: the request is sent first and security is raised only if the
' server answers with ATT_ERROR_INSUFFICIENT_X.
: GATT Client request sent;
if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (no)
#23DB2B : App receives GATT Response;
stop
else (yes)
' Without ENABLE_GATT_CLIENT_PAIRING the error goes straight to the app;
' with it the stack starts pairing and re-sends the request on success.
if (ENABLE_GATT_CLIENT_PAIRING defined?) then (no)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_X;
stop
else (yes)
: SM_EVENT_PAIRING_STARTED;
: start pairing;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_X;
stop
endif
endif
endif
else (yes)
' Bonded: re-encrypt with the stored LTK before the request is sent.
: SM_EVENT_REENCRYPTION_STARTED;
: start encryption;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
' Security-relevant: no automatic bond deletion or re-pairing is shown on this
' path; the note after the error step leaves deletion to the app.
' NOTE(review): the diagram gives the app only the error code, not the reason
' re-encryption failed; whether to drop the bond silently or ask the user first
' is a product decision - confirm.
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_BONDING_INFORMATION_MISSING;
stop
note right
App can delete bonding
information and repeat
the GATT Client request
end note
endif
endif
@enduml