host/sm: Add CSIS SIRK encryption #1635
Conversation
m-gorecki
force-pushed
the
sm_csis
branch
2 times, most recently
from
e62627e
to
292cc25
Compare
nimble/host/src/ble_sm.c
Outdated
| @@ -2910,4 +2910,109 @@ ble_sm_create_chan(uint16_t conn_handle) | |||
| return chan; | |||
| } | |||
|
|
|||
| #if MYNEWT_VAL(BLE_SM_SC) | |||
There was a problem hiding this comment.
I'd add BLE_SM_CSIS_SIRK to enable everything related to handling CSIS SIRK and move this to ble_sm_csis.c
also mark syscfg as experimental since we may want to move it to some place more appropriate and rename in future with addition of le audio code.
nimble/host/src/ble_sm.c
Outdated
| return rc; | ||
| } | ||
|
|
||
| if (memcmp(local_hash, hash, 3) == 0) { |
There was a problem hiding this comment.
better write this as:
if (memcmp(local_hash, hash, 3)) {
return BLE_HS_EAUTHEN;
}
return 0;this way return value in case of success is at the very end of function as expected
nimble/host/src/ble_sm_alg.c
Outdated
| * We assume that 16 bytes is enough and return error if passed len value is greater | ||
| * than that */ | ||
| if ((n_len > 16) || (p_len > 16)) { | ||
| return BLE_HS_EUNKNOWN; |
nimble/host/src/ble_sm_alg.c
Outdated
| * We assume that 16 bytes is enough and return error if passed len value is greater | ||
| * than that */ | ||
| if (m_len > 16) { | ||
| return BLE_HS_EUNKNOWN; |
nimble/host/src/ble_sm.c
Outdated
| return rc; | ||
| } | ||
| /* Two MSBs of prand shall be equal to 0 and 1 */ | ||
| prand[2] &= ~(0x80); |
There was a problem hiding this comment.
nitpick: &= ~0xc0 -> we want to change 2 bits so clear 2 bits, we write it like this in code that calculates rpa
nimble/host/src/ble_sm.c
Outdated
|
|
||
| memset(&key_sec, 0, sizeof(key_sec)); | ||
| key_sec.peer_addr.type = peer_addr.type; | ||
| memcpy(key_sec.peer_addr.val, peer_addr.val, 6); |
There was a problem hiding this comment.
key_sec.peer_addr = peer_addr
nimble/host/src/ble_sm.c
Outdated
| return rc; | ||
| } else if (!value_sec.ltk_present) { | ||
| return BLE_HS_ENOENT; | ||
| } |
There was a problem hiding this comment.
this should be only done if sirk is encrypted
nimble/host/include/host/ble_sm.h
Outdated
| @@ -111,6 +113,8 @@ struct ble_sm_io { | |||
| }; | |||
|
|
|||
| int ble_sm_sc_oob_generate_data(struct ble_sm_sc_oob_data *oob_data); | |||
| int ble_sm_csis_resolve_rsi(ble_addr_t peer_addr, uint8_t *rsi, | |||
There was a problem hiding this comment.
ble_addr_t *peer_addr
const uint8_t *rsi
const uint8_t *sirk
m-gorecki
force-pushed
the
sm_csis
branch
2 times, most recently
from
368fb2a
to
9feb506
Compare
m-gorecki
force-pushed
the
sm_csis
branch
2 times, most recently
from
cb67d52
to
d983027
Compare
This adds functions and algorithms to encrypt and decrypt SIRK from Coordinated Set Identification Service. This also adds API to resolve RSI. Application can use it to find devices that are part of Coordinated Set.
This adds functions and algorithms to encrypt and decrypt SIRK from Coordinated Set Identification Service.
This also adds API to resolve RSI. Application can use it to find devices that are part of Coordinated Set.