Nordic BLE: Fix pairing cancellation.

pan- · pan- · commit f0c3f148871f · 2018-06-13T15:10:10.000+01:00
Depending on the role and the current state of the local device; pairing cancelation should be made with a call to a specific function. Normally the Nordic stack would reject invalid calls if the device is not in the correct state; therefore it was assumed that it was possible to detect the state from sd errors. Unfortunatelly this is not true with the latest softdevices as some calls succeed even if the device is not in the right state.

To solve that issue cancelation looks at the current state of the device first to select the right function that will trigger the pairing cancellation.

Note: the call to sd_ble_gap_authenticate was missing in the previous algorithm
diff --git a/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF51/source/nRF5xPalSecurityManager.cpp b/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF51/source/nRF5xPalSecurityManager.cpp
@@ -16,6 +16,9 @@
 
 #include <stdint.h>
 #include "nRF5xPalSecurityManager.h"
+#include "nRF5xn.h"
+#include "ble/Gap.h"
+#include "nRF5xGap.h"
 #include "nrf_ble.h"
 #include "nrf_ble_gap.h"
 #include "nrf_soc.h"
@@ -339,22 +342,33 @@ ble_error_t nRF5xSecurityManager::send_pairing_response(
 ble_error_t nRF5xSecurityManager::cancel_pairing(
     connection_handle_t connection, pairing_failure_t reason
 ) {
-    // this is the default path except when a key is expected to be entered by
-    // the user.
-    uint32_t err = sd_ble_gap_sec_params_reply(
-        connection,
-        reason.value() | 0x80,
-        /* sec params */ NULL,
-        /* keyset */ NULL
-    );
+    uint32_t err = 0;
 
-    if (!err) {
-        return BLE_ERROR_NONE;
-    }
+    pairing_control_block_t* pairing_cb = get_pairing_cb(connection);
 
-    // Failed because we're in the wrong state; try to cancel pairing with
-    // sd_ble_gap_auth_key_reply
-    if (err == NRF_ERROR_INVALID_STATE) {
+    // If there is no control block yet then if the local device is a central
+    // then we must reject the security request otherwise it is a response to
+    // a pairing feature exchange from a central.
+    if (!pairing_cb) {
+        ::Gap::Role_t current_role;
+        if (!nRF5xn::Instance().getGap().get_role(connection, current_role)) {
+            return BLE_ERROR_INVALID_PARAM;
+        }
+
+        if (current_role == ::Gap::PERIPHERAL) {
+            // response to a pairing feature request
+            err = sd_ble_gap_sec_params_reply(
+                connection,
+                reason.value() | 0x80,
+                /* sec params */ NULL,
+                /* keyset */ NULL
+            );
+        } else {
+            // response to a peripheral security request
+            err = sd_ble_gap_authenticate(connection, NULL);
+        }
+    } else {
+        // At this point this must be a response to a key
         err = sd_ble_gap_auth_key_reply(
             connection,
             /* key type */ BLE_GAP_AUTH_KEY_TYPE_NONE,
diff --git a/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF52/source/nRF5xPalSecurityManager.cpp b/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF52/source/nRF5xPalSecurityManager.cpp
@@ -16,6 +16,9 @@
 
 #include <stdint.h>
 #include "nRF5xPalSecurityManager.h"
+#include "nRF5xn.h"
+#include "ble/Gap.h"
+#include "nRF5xGap.h"
 #include "nrf_ble.h"
 #include "ble_gap.h"
 #include "nrf_soc.h"
@@ -316,22 +319,33 @@ ble_error_t nRF5xSecurityManager::send_pairing_response(
 ble_error_t nRF5xSecurityManager::cancel_pairing(
     connection_handle_t connection, pairing_failure_t reason
 ) {
-    // this is the default path except when a key is expected to be entered by
-    // the user.
-    uint32_t err = sd_ble_gap_sec_params_reply(
-        connection,
-        reason.value() | 0x80,
-        /* sec params */ NULL,
-        /* keyset */ NULL
-    );
+    uint32_t err = 0;
 
-    if (!err) {
-        return BLE_ERROR_NONE;
-    }
+    pairing_control_block_t* pairing_cb = get_pairing_cb(connection);
 
-    // Failed because we're in the wrong state; try to cancel pairing with
-    // sd_ble_gap_auth_key_reply
-    if (err == NRF_ERROR_INVALID_STATE) {
+    // If there is no control block yet then if the local device is a central
+    // then we must reject the security request otherwise it is a response to
+    // a pairing feature exchange from a central.
+    if (!pairing_cb) {
+        ::Gap::Role_t current_role;
+        if (!nRF5xn::Instance().getGap().get_role(connection, current_role)) {
+            return BLE_ERROR_INVALID_PARAM;
+        }
+
+        if (current_role == ::Gap::PERIPHERAL) {
+            // response to a pairing feature request
+            err = sd_ble_gap_sec_params_reply(
+                connection,
+                reason.value() | 0x80,
+                /* sec params */ NULL,
+                /* keyset */ NULL
+            );
+        } else {
+            // response to a peripheral security request
+            err = sd_ble_gap_authenticate(connection, NULL);
+        }
+    } else {
+        // At this point this must be a response to a key
         err = sd_ble_gap_auth_key_reply(
             connection,
             /* key type */ BLE_GAP_AUTH_KEY_TYPE_NONE,
