
Commit 2b92b26

author
Cruz Monrreal
authored
Merge pull request #7688 from paul-szczepanek-arm/nrf-ltk-fix
BLE: call secure connections versions of ltk functions
2 parents 1ab05c2 + 6c9bd16 commit 2b92b26


1 file changed

+66
-29
lines changed

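--- a/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF52/source/nRF5xPalSecurityManager.cpp
+++ b/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF52/source/nRF5xPalSecurityManager.cpp
@@ -760,6 +760,24 @@ nRF5xSecurityManager& nRF5xSecurityManager::get_security_manager()
 return _security_manager;
 }
 
+/**
+* EDIV and Rand are invalid if both are zero
+*/
+bool is_ediv_rand_valid(const uint16_t ediv, const uint8_t* rand)
+{
+for (int i = 0; i < BLE_GAP_SEC_RAND_LEN; ++i) {
+if (rand[i]) {
+return true;
+}
+}
+
+if (ediv != 0) {
+return true;
+}
+
+return false;
+}
+
 bool nRF5xSecurityManager::sm_handler(const ble_evt_t *evt)
 {
 nRF5xSecurityManager& self = nRF5xSecurityManager::get_security_manager();
@@ -846,11 +864,17 @@ bool nRF5xSecurityManager::sm_handler(const ble_evt_t *evt)
 const ble_gap_evt_sec_info_request_t& req =
 gap_evt.params.sec_info_request;
 
-handler->on_ltk_request(
-connection,
-ediv_t((uint8_t*)(&req.master_id.ediv)),
-rand_t(req.master_id.rand)
-);
+if (is_ediv_rand_valid(req.master_id.ediv, req.master_id.rand)) {
+handler->on_ltk_request(
+connection,
+ediv_t((uint8_t*)(&req.master_id.ediv)),
+rand_t(req.master_id.rand)
+);
+} else {
+/* no valid EDIV and Rand
+* request ltk generated with secure connection */
+handler->on_ltk_request(connection);
+}
 
 return true;
 }
@@ -948,33 +972,46 @@ bool nRF5xSecurityManager::sm_handler(const ble_evt_t *evt)
 peer_dist = pairing_cb->initiator_dist;
 }
 
-if (own_dist.get_encryption()) {
-handler->on_keys_distributed_local_ltk(
-connection,
-ltk_t(pairing_cb->own_enc_key.enc_info.ltk)
-);
-
-handler->on_keys_distributed_local_ediv_rand(
-connection,
-ediv_t(reinterpret_cast<uint8_t*>(
-&pairing_cb->own_enc_key.master_id.ediv
-)),
+if (is_ediv_rand_valid(
+pairing_cb->own_enc_key.master_id.ediv,
 pairing_cb->own_enc_key.master_id.rand
-);
-}
-
-if (peer_dist.get_encryption()) {
-handler->on_keys_distributed_ltk(
-connection,
-ltk_t(pairing_cb->peer_enc_key.enc_info.ltk)
-);
+)
+) {
+if (own_dist.get_encryption()) {
+handler->on_keys_distributed_local_ltk(
+connection,
+ltk_t(pairing_cb->own_enc_key.enc_info.ltk)
+);
+
+handler->on_keys_distributed_local_ediv_rand(
+connection,
+ediv_t(reinterpret_cast<uint8_t*>(
+&pairing_cb->own_enc_key.master_id.ediv
+)),
+pairing_cb->own_enc_key.master_id.rand
+);
+}
 
-handler->on_keys_distributed_ediv_rand(
+if (peer_dist.get_encryption()) {
+handler->on_keys_distributed_ltk(
+connection,
+ltk_t(pairing_cb->peer_enc_key.enc_info.ltk)
+);
+
+handler->on_keys_distributed_ediv_rand(
+connection,
+ediv_t(reinterpret_cast<uint8_t*>(
+&pairing_cb->peer_enc_key.master_id.ediv
+)),
+pairing_cb->peer_enc_key.master_id.rand
+);
+}
+} else {
+/* no valid EDIV and Rand meaning this is a
+* Secure Connections key */
+handler->on_secure_connections_ltk_generated(
 connection,
-ediv_t(reinterpret_cast<uint8_t*>(
-&pairing_cb->peer_enc_key.master_id.ediv
-)),
-pairing_cb->peer_enc_key.master_id.rand
+ltk_t(pairing_cb->own_enc_key.enc_info.ltk)
 );
 }
 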
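Review bot: In the last hunk the `else` branch treats an all-zero `own_enc_key.master_id` as proof of a Secure Connections pairing and passes `own_enc_key.enc_info.ltk` to `on_secure_connections_ltk_generated` without the `get_encryption()` check that the legacy branch keeps. If a legacy pairing completes without distributing an encryption key and the key buffer starts out zeroed (its initialisation is not visible here), this path would presumably report an unpopulated LTK as a Secure Connections key, which the layers above may store and later use for encryption. Deciding the branch on an explicit Secure Connections indication from the pairing result, if the stack provides one, would be safer than inferring it from zero identifiers; at minimum the assumption should be documented, e.g. `/* EDIV == 0 && Rand == 0 is only produced by LE Secure Connections; key buffers must be zeroed before pairing starts */`. The same inference selects `on_ltk_request(connection)` in the second hunk, where EDIV and Rand are supplied by the peer, so the handler behind that overload has to return only keys that were generated with Secure Connections. `sm_handler` begins before and ends after the lines shown in these hunks.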
