[ https://issues.apache.org/jira/browse/MYNEWT-750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16052366#comment-16052366 ]
ASF subversion and git services commented on MYNEWT-750:
--------------------------------------------------------

Commit b6d96411b6af18360c5a8fc4f8d31d473b99118a in incubator-mynewt-core's branch refs/heads/master from [~ccollins476]
[ https://gitbox.apache.org/repos/asf?p=incubator-mynewt-core.git;h=b6d9641 ]

MYNEWT-750 BLE Host - Ignore pair from bonded peer

If a device is already bonded, the host should not allow the same device to pair again. Currently, the host blindly proceeds with the pairing operation. This should not be allowed because the second peer could be an imposter masquerading as the original.

New behavior in such a scenario:

1. Host notifies application of the duplicate pairing attempt via the gap event callback. The callback specifies a new event code (BLE_GAP_EVENT_REPEAT_PAIRING) that specifically indicates a duplicate pairing attempt.
2. The gap event callback returns an error code indicating which of the following behaviors to perform:
    a. Retry: Return BLE_GAP_REPEAT_PAIRING_RETRY after deleting the conflicting bond. The stack will verify the bond has been deleted and continue the pairing procedure. If the bond is still present, this event will be reported again.
    b. Ignore: Return BLE_GAP_REPEAT_PAIRING_IGNORE. The stack will silently ignore the pairing request.

> BLE Host - Ignore pairing attempt from already bonded peer
> ----------------------------------------------------------
>
>                 Key: MYNEWT-750
>                 URL: https://issues.apache.org/jira/browse/MYNEWT-750
>             Project: Mynewt
>          Issue Type: Bug
>      Security Level: Public (Viewable by anyone)
>          Components: Nimble
>            Reporter: Christopher Collins
>            Assignee: Christopher Collins
>             Fix For: v1_1_0_rel
>
>
> (Pull request: https://github.com/apache/incubator-mynewt-core/pull/287)
> If a device is already bonded, the host should not allow the same device to
> pair again. Currently, the host blindly proceeds with the pairing operation.
> This should not be allowed because the second peer could be an imposter
> masquerading as the original.
> I propose the following behavior in such a scenario:
> # Host notifies application of the duplicate pairing attempt via the gap
> event callback. The callback would specify a new event code that
> specifically indicates a duplicate pairing attempt.
> # The gap event callback would return an error code indicating which of the
> following behaviors to perform:
> ## Retry: Return BLE_GAP_REPEAT_PAIRING_RETRY after deleting the conflicting
> bond. The stack will verify the bond has been deleted and continue the
> pairing procedure. If the bond is still present, this event will be reported
> again.
> ## Ignore: Return BLE_GAP_REPEAT_PAIRING_IGNORE. The stack will silently
> ignore the pairing request.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
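
The retry/ignore flow described in the commit message above, as a small self-contained C model added here; it is not code from the Mynewt/NimBLE repository. Only the three `BLE_GAP_*` names come from the message; their numeric values, the toy bond store and every other identifier are assumptions.

```c
/* Added model of the repeat-pairing flow; not Mynewt/NimBLE source code.
 * BLE_GAP_* values are placeholders; all other names are hypothetical. */
#include <string.h>
#define BLE_GAP_EVENT_REPEAT_PAIRING  1  /* placeholder value */
#define BLE_GAP_REPEAT_PAIRING_RETRY  1  /* placeholder value */
#define BLE_GAP_REPEAT_PAIRING_IGNORE 2  /* placeholder value */
enum { PAIR_PROCEED, PAIR_IGNORED };     /* hypothetical host outcomes */
static unsigned char bonds[4][6];        /* toy bond store keyed by address */
static int nbonds, reports;              /* reports: events sent per request */
typedef int gap_cb(int event, const unsigned char *peer);

static int bond_find(const unsigned char *p) {
    for (int i = 0; i < nbonds; i++)
        if (memcmp(bonds[i], p, 6) == 0) return i;
    return -1;
}
static void bond_add(const unsigned char *p) {
    if (nbonds < 4) memcpy(bonds[nbonds++], p, 6);
}
static void bond_delete(const unsigned char *p) {
    int i = bond_find(p);
    if (i >= 0) memmove(bonds[i], bonds[--nbonds], 6);
}

/* Host side: a pairing request has arrived from `peer`. */
int host_on_pair_request(const unsigned char *peer, gap_cb *cb) {
    reports = 0;
    while (bond_find(peer) >= 0) {       /* peer is (still) bonded */
        reports++;                       /* notify the application */
        if (cb(BLE_GAP_EVENT_REPEAT_PAIRING, peer) != BLE_GAP_REPEAT_PAIRING_RETRY)
            return PAIR_IGNORED;         /* non-RETRY treated as IGNORE (assumption) */
    }                                    /* RETRY: loop re-verifies bond is gone */
    return PAIR_PROCEED;
}
/* Policy A: keep the existing bond; the new peer could be an imposter. */
int cb_ignore(int ev, const unsigned char *p) {
    (void)ev; (void)p; return BLE_GAP_REPEAT_PAIRING_IGNORE;
}
/* Policy B: the application decides to replace the bond. */
int cb_replace(int ev, const unsigned char *p) {
    (void)ev; bond_delete(p); return BLE_GAP_REPEAT_PAIRING_RETRY;
}
/* Faulty policy: the first RETRY is returned without deleting the bond. */
int cb_forgetful(int ev, const unsigned char *p) {
    (void)ev; if (reports > 1) bond_delete(p); return BLE_GAP_REPEAT_PAIRING_RETRY;
}
int main(void) {
    const unsigned char peer[6] = {1, 2, 3, 4, 5, 6};  /* constructed address */
    bond_add(peer);
    return host_on_pair_request(peer, cb_ignore) == PAIR_IGNORED ? 0 : 1;
}
```

With `cb_forgetful`, the event is reported twice before pairing proceeds, which is the "reported again" case from item 2a.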