Re: [PR] host: sm: secure connection only pairing might fail with no reason [mynewt-nimble]

Fri, 24 Jan 2025 03:40:46 -0800 


guy-m commented on code in PR #1961:
URL: https://github.com/apache/mynewt-nimble/pull/1961#discussion_r1928546423


##########
nimble/host/src/ble_sm.c:
##########
@@ -1849,18 +1849,18 @@ ble_sm_pair_req_rx(uint16_t conn_handle, struct os_mbuf 
**om,
         } else if (req->max_enc_key_size > BLE_SM_PAIR_KEY_SZ_MAX) {
             res->sm_err = BLE_SM_ERR_INVAL;
             res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_INVAL);
-        } else if (MYNEWT_VAL(BLE_SM_SC_ONLY)) {
-            /* Fail if Secure Connections Only mode is on and remote does not
-             * meet key size requirements - MITM was checked in last step.
-             * Fail if SC is not supported by peer or key size is too small
+        } else if (MYNEWT_VAL(BLE_SM_SC_ONLY) && !(req->authreq & 
BLE_SM_PAIR_AUTHREQ_SC)) {
+            /* Fail if Secure Connections Only mode is on and SC is not 
supported by peer
              */
-            if (!(req->authreq & BLE_SM_PAIR_AUTHREQ_SC)) {
-                res->sm_err = BLE_SM_ERR_AUTHREQ;
-                res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_AUTHREQ);
-            } else if (req->max_enc_key_size != BLE_SM_PAIR_KEY_SZ_MAX) {
-                res->sm_err = BLE_SM_ERR_ENC_KEY_SZ;
-                res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_ENC_KEY_SZ);
-            }
+            res->sm_err = BLE_SM_ERR_AUTHREQ;
+            res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_AUTHREQ);
+            res->enc_cb = 1;

Review Comment:
   It is not mandatory. However,  The addition of "res->enc_cb = 1;"  triggers 
the BLE_GAP_EVENT_ENC_CHANGE with the corresponding error code. This allows the 
application / upper tester to verify the IUT correct behavior without having 
over-the-air capture or PTS logs.
   I also added it for the other error codes both for pair_rsp_rx and 
pair_req_rx in the other PR: https://github.com/apache/mynewt-nimble/pull/1957
   if needed we can remove it from here and I can update the second PR with 
this addition after rebase so it won't be tight together....



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to