From 90a5c0e06b9143030ba49b1d29b2dc269c307399 Mon Sep 17 00:00:00 2001 From: Sumeet Singh Date: Fri, 5 Jan 2024 12:29:15 +0530 Subject: [PATCH] Signed Write support --- nimble/host/include/host/ble_att.h | 3 + nimble/host/include/host/ble_gatt.h | 15 +++ nimble/host/include/host/ble_store.h | 2 + nimble/host/src/ble_att.c | 1 + nimble/host/src/ble_att_clt.c | 88 ++++++++++++++ nimble/host/src/ble_att_cmd_priv.h | 14 +++ nimble/host/src/ble_att_priv.h | 4 + nimble/host/src/ble_att_svr.c | 107 +++++++++++++++++- nimble/host/src/ble_gatt_priv.h | 2 + nimble/host/src/ble_gattc.c | 65 +++++++++++ nimble/host/src/ble_sm.c | 103 +++++++++++++++++ nimble/host/src/ble_sm_alg.c | 2 +- nimble/host/src/ble_sm_priv.h | 9 ++ .../host/store/config/src/ble_store_config.c | 2 +- nimble/include/nimble/nimble_opt_auto.h | 4 + 15 files changed, 418 insertions(+), 3 deletions(-) diff --git a/nimble/host/include/host/ble_att.h b/nimble/host/include/host/ble_att.h index bfd7adf10f..1e40fbf79e 100644 --- a/nimble/host/include/host/ble_att.h +++ b/nimble/host/include/host/ble_att.h @@ -209,6 +209,9 @@ struct os_mbuf; /** Write Command. */ #define BLE_ATT_OP_WRITE_CMD 0x52 +/** Signed Write Command. */ +#define BLE_ATT_OP_SIGNED_WRITE_CMD 0xD2 + /** @} */ /** Maximum length of an Attribute Protocol (ATT) attribute. */ diff --git a/nimble/host/include/host/ble_gatt.h b/nimble/host/include/host/ble_gatt.h index 0f811e7330..2196e8f486 100644 --- a/nimble/host/include/host/ble_gatt.h +++ b/nimble/host/include/host/ble_gatt.h @@ -534,6 +534,21 @@ int ble_gattc_write_no_rsp(uint16_t conn_handle, uint16_t attr_handle, int ble_gattc_write_no_rsp_flat(uint16_t conn_handle, uint16_t attr_handle, const void *data, uint16_t data_len); +/** + * Initiates GATT procedure: Signed Write. This function consumes the + * supplied mbuf regardless of the outcome. + * + * @param conn_handle The connection over which to execute the + * procedure. + * @param attr_handle The handle of the characteristic value to write + * to. + * @param txom The value to write to the characteristic. + * + * @return 0 on success; nonzero on failure. + */ +int ble_gattc_signed_write(uint16_t conn_handle, uint16_t attr_handle, + struct os_mbuf * txom); + /** * Initiates GATT procedure: Write Characteristic Value. This function * consumes the supplied mbuf regardless of the outcome. diff --git a/nimble/host/include/host/ble_store.h b/nimble/host/include/host/ble_store.h index 83b1c4f15f..545b3d867e 100644 --- a/nimble/host/include/host/ble_store.h +++ b/nimble/host/include/host/ble_store.h @@ -110,6 +110,8 @@ struct ble_store_value_sec { uint8_t csrk[16]; /** Flag indicating if Connection Signature Resolving Key is present. */ uint8_t csrk_present:1; + /** Sign Counter */ + uint32_t sign_counter; /** Flag indicating whether the connection is authenticated. */ unsigned authenticated:1; diff --git a/nimble/host/src/ble_att.c b/nimble/host/src/ble_att.c index 5e221824c3..1db61da829 100644 --- a/nimble/host/src/ble_att.c +++ b/nimble/host/src/ble_att.c @@ -73,6 +73,7 @@ static const struct ble_att_rx_dispatch_entry ble_att_rx_dispatch[] = { { BLE_ATT_OP_READ_MULT_VAR_RSP, ble_att_clt_rx_read_mult_var }, { BLE_ATT_OP_NOTIFY_MULTI_REQ, ble_att_svr_rx_notify_multi}, { BLE_ATT_OP_WRITE_CMD, ble_att_svr_rx_write_no_rsp }, + { BLE_ATT_OP_SIGNED_WRITE_CMD, ble_att_svr_rx_signed_write }, }; #define BLE_ATT_RX_DISPATCH_SZ \ diff --git a/nimble/host/src/ble_att_clt.c b/nimble/host/src/ble_att_clt.c index 3423e25e86..ecbfeff67d 100644 --- a/nimble/host/src/ble_att_clt.c +++ b/nimble/host/src/ble_att_clt.c @@ -26,6 +26,10 @@ #include "host/ble_uuid.h" #include "ble_hs_priv.h" +#ifndef MIN +#define MIN(a, b) (((a) < (b)) ? (a) : (b)) +#endif + #if NIMBLE_BLE_CONNECT /***************************************************************************** * $error response * @@ -771,6 +775,90 @@ ble_att_clt_rx_write(uint16_t conn_handle, uint16_t cid, struct os_mbuf **rxom) return 0; } +int +ble_att_clt_tx_signed_write_cmd(uint16_t conn_handle, uint16_t handle, uint8_t *csrk, + uint32_t counter, struct os_mbuf *txom) +{ +#if !NIMBLE_BLE_ATT_CLT_SIGNED_WRITE + return BLE_HS_ENOTSUP; +#endif + + struct ble_att_signed_write_cmd *cmd; + struct os_mbuf *txom2; + uint8_t cmac[16]; + uint8_t *message = NULL; + int rc; + int i; + + BLE_HS_LOG(DEBUG, "ble_att_clt_tx_signed_write_cmd(): "); + for (i = 0; i < OS_MBUF_PKTLEN(txom); i++) { + BLE_HS_LOG(DEBUG, "0x%02x", (OS_MBUF_DATA(txom, uint8_t *))[i]); + } + + cmd = ble_att_cmd_get(BLE_ATT_OP_SIGNED_WRITE_CMD, + sizeof(*cmd), &txom2); + if (cmd == NULL) { + rc = BLE_HS_ENOMEM; + goto err; + } + cmd->handle = htole16(handle); + + /* Message to be signed is message||sign_counter, + * where || represents concatenation + */ + message = malloc(OS_MBUF_PKTLEN(txom) + sizeof(counter)); + rc = os_mbuf_copydata(txom, 0, OS_MBUF_PKTLEN(txom), message); + if (rc != 0) { + goto err; + } + memcpy(&message[OS_MBUF_PKTLEN(txom)], &counter, sizeof(counter)); + + /* ble_sm_alg_aes_cmac takes data in little-endian format, + * so converting it to LE. + */ + swap_in_place(message, OS_MBUF_PKTLEN(txom) + sizeof(counter)); + + /* Getting the CMAC (Cipher-based Message Authentication Code) + * for the message using our CSRK for this connection. + */ + memset(cmac, 0, sizeof cmac); + rc = ble_sm_alg_aes_cmac(csrk, message, + OS_MBUF_PKTLEN(txom) + sizeof(counter), cmac); + if (rc != 0) { + goto err; + } + + /* After using the csrk to sign data, + * the sign counter needs to be updated. + */ + rc = ble_sm_incr_our_sign_counter(conn_handle); + if (rc != 0) { + goto err; + } + + /* Converting cmac to little-endian */ + swap_in_place(cmac, sizeof(cmac)); + + /* Creating final signed message */ + rc = os_mbuf_append(txom, (void *)&counter, sizeof(counter)); + if (rc != 0) { + goto err; + } + rc = os_mbuf_copyinto(txom, OS_MBUF_PKTLEN(txom), + cmac + (sizeof(cmac)/2), sizeof(cmac)/2); + if (rc != 0) { + goto err; + } + + if(message != NULL) free(message); + os_mbuf_concat(txom2, txom); + return ble_att_tx(conn_handle, txom2); +err: + if(message != NULL) free(message); + os_mbuf_free_chain(txom2); + return rc; +} + /***************************************************************************** * $prepare write request * *****************************************************************************/ diff --git a/nimble/host/src/ble_att_cmd_priv.h b/nimble/host/src/ble_att_cmd_priv.h index 78c60d5ef4..5deb6812e9 100644 --- a/nimble/host/src/ble_att_cmd_priv.h +++ b/nimble/host/src/ble_att_cmd_priv.h @@ -367,6 +367,20 @@ struct ble_att_write_cmd { uint8_t value[0]; } __attribute__((packed)); +/** + * | Parameter | Size (octets) | + * +------------------------------------+-------------------+ + * | Attribute Opcode | 1 | + * | Attribute Handle | 2 | + * | Attribute Value | 0 to (ATT_MTU-15) | + * | Authentication Signature | 12 | + */ +#define BLE_ATT_SIGNED_WRITE_CMD_BASE_SZ 15 +#define BLE_ATT_SIGNED_WRITE_DATA_OFFSET 3 +struct ble_att_signed_write_cmd { + uint16_t handle; +} __attribute__((packed)); + void ble_att_error_rsp_parse(const void *payload, int len, struct ble_att_error_rsp *rsp); void ble_att_error_rsp_write(void *payload, int len, diff --git a/nimble/host/src/ble_att_priv.h b/nimble/host/src/ble_att_priv.h index ac65250f93..6fc1941646 100644 --- a/nimble/host/src/ble_att_priv.h +++ b/nimble/host/src/ble_att_priv.h @@ -203,6 +203,7 @@ int ble_att_svr_rx_read_mult_var(uint16_t conn_handle, uint16_t cid, int ble_att_svr_rx_write(uint16_t conn_handle, uint16_t cid, struct os_mbuf **rxom); int ble_att_svr_rx_write_no_rsp(uint16_t conn_handle, uint16_t cid, struct os_mbuf **rxom); +int ble_att_svr_rx_signed_write(uint16_t conn_handle, struct os_mbuf **rxom); int ble_att_svr_rx_prep_write(uint16_t conn_handle, uint16_t cid, struct os_mbuf **rxom); int ble_att_svr_rx_exec_write(uint16_t conn_handle, uint16_t cid, @@ -295,6 +296,9 @@ int ble_att_clt_rx_prep_write(uint16_t conn_handle, uint16_t cid, struct os_mbuf **rxom); int ble_att_clt_tx_exec_write(uint16_t conn_handle, uint16_t cid, uint8_t flags); +int ble_att_clt_tx_signed_write_cmd(uint16_t conn_handle, uint16_t handle, + uint8_t * csrk, uint32_t counter, + struct os_mbuf * txom); int ble_att_clt_rx_exec_write(uint16_t conn_handle, uint16_t cid, struct os_mbuf **rxom); int ble_att_clt_rx_write(uint16_t conn_handle, uint16_t cid, struct os_mbuf **rxom); int ble_att_clt_tx_notify(uint16_t conn_handle, uint16_t handle, diff --git a/nimble/host/src/ble_att_svr.c b/nimble/host/src/ble_att_svr.c index aad64f687d..8057d48901 100644 --- a/nimble/host/src/ble_att_svr.c +++ b/nimble/host/src/ble_att_svr.c @@ -2153,6 +2153,111 @@ ble_att_svr_rx_write_no_rsp(uint16_t conn_handle, uint16_t cid, struct os_mbuf * return ble_att_svr_write_handle(conn_handle, handle, 0, rxom, &att_err); } +int +ble_att_svr_rx_signed_write(uint16_t conn_handle, struct os_mbuf **rxom) +{ +#if !MYNEWT_VAL(BLE_ATT_SVR_SIGNED_WRITE) + return BLE_HS_ENOTSUP; +#endif + + struct ble_att_signed_write_cmd *req; + struct ble_store_value_sec value_sec; + struct ble_store_key_sec key_sec; + struct ble_gap_conn_desc desc; + uint8_t att_err; + uint16_t handle; + uint8_t sign[12]; + uint8_t cmac[16]; + uint8_t *message = NULL; + int rc; + + rc = ble_gap_conn_find(conn_handle, &desc); + if (rc != 0) { + goto err; + } + + memset(&key_sec, 0, sizeof key_sec); + key_sec.peer_addr = desc.peer_id_addr; + + /* Getting the CSRK for authentication */ + rc = ble_store_read_peer_sec(&key_sec, &value_sec); + if (rc != 0) { + goto err; + } + if (value_sec.csrk_present != 1) { + rc = BLE_HS_EAUTHEN; + goto err; + } + + rc = ble_att_svr_pullup_req_base(rxom, sizeof(*req), &att_err); + if (rc != 0) { + return rc; + } + + req = (struct ble_att_signed_write_cmd *)(*rxom)->om_data; + + handle = le16toh(req->handle); + + /* Strip the request base from the front of the mbuf. */ + os_mbuf_adj(*rxom, sizeof(*req)); + + os_mbuf_copydata(*rxom, + OS_MBUF_PKTLEN(*rxom) - (BLE_ATT_SIGNED_WRITE_CMD_BASE_SZ - BLE_ATT_SIGNED_WRITE_DATA_OFFSET), + BLE_ATT_SIGNED_WRITE_CMD_BASE_SZ - BLE_ATT_SIGNED_WRITE_DATA_OFFSET, + sign); + + /* Strip the signature from the end of the mbuf. */ + os_mbuf_adj(*rxom, -(BLE_ATT_SIGNED_WRITE_CMD_BASE_SZ - BLE_ATT_SIGNED_WRITE_DATA_OFFSET)); + + /* Authentication procedure */ + message = malloc(OS_MBUF_PKTLEN(*rxom) + sizeof(value_sec.sign_counter)); + os_mbuf_copydata(*rxom, 0, OS_MBUF_PKTLEN(*rxom), message); + memcpy(&message[OS_MBUF_PKTLEN(*rxom)], &value_sec.sign_counter, sizeof(value_sec.sign_counter)); + + /* Converting message into little endian format */ + swap_in_place(message, OS_MBUF_PKTLEN(*rxom) + sizeof(value_sec.sign_counter)); + + /* Using AES-CMAC to get the CMAC from the message and CSRK of this device */ + memset(cmac, 0, sizeof cmac); + rc = ble_sm_alg_aes_cmac(value_sec.csrk, message, OS_MBUF_PKTLEN(*rxom) + sizeof(value_sec.sign_counter), cmac); + if (rc != 0) { + goto err; + } + + /* Converting cmac to little endian */ + swap_in_place(cmac, sizeof cmac); + + /* Comparing sign counter */ + if(memcmp(sign, &value_sec.sign_counter, sizeof(value_sec.sign_counter)) != 0) { + rc = BLE_HS_EAUTHEN; + goto err; + } + + /* Comparing signature */ + if(memcmp(&sign[sizeof(value_sec.sign_counter)], &cmac[sizeof(cmac) / 2], sizeof(cmac) / 2) != 0) { + rc = BLE_HS_EAUTHEN; + goto err; + } + + /* Signature matches, increment sign counter and pass the data to the upper layer */ + rc = ble_sm_incr_peer_sign_counter(conn_handle); + if (rc != 0) { + goto err; + } + + rc = ble_att_svr_write_handle(conn_handle, handle, 0, rxom, &att_err); + if (rc != 0) { + goto err; + } + + if(message != NULL) free(message); + return 0; +err: + if(message != NULL) free(message); + ble_gap_terminate(conn_handle, BLE_ERR_AUTH_FAIL); + return rc; +} + int ble_att_svr_write_local(uint16_t attr_handle, struct os_mbuf *om) { @@ -2858,7 +2963,7 @@ ble_att_svr_reset(void) } ble_att_svr_id = 0; - + /* Note: prep entries do not get freed here because it is assumed there are * no established connections. */ diff --git a/nimble/host/src/ble_gatt_priv.h b/nimble/host/src/ble_gatt_priv.h index eb778293cd..b81ba8f7b4 100644 --- a/nimble/host/src/ble_gatt_priv.h +++ b/nimble/host/src/ble_gatt_priv.h @@ -56,6 +56,8 @@ STATS_SECT_START(ble_gattc_stats) STATS_SECT_ENTRY(read_long_fail) STATS_SECT_ENTRY(read_mult) STATS_SECT_ENTRY(read_mult_fail) + STATS_SECT_ENTRY(signed_write) + STATS_SECT_ENTRY(signed_write_fail) STATS_SECT_ENTRY(write_no_rsp) STATS_SECT_ENTRY(write_no_rsp_fail) STATS_SECT_ENTRY(write) diff --git a/nimble/host/src/ble_gattc.c b/nimble/host/src/ble_gattc.c index 2d42856b8f..b1c37a94d2 100644 --- a/nimble/host/src/ble_gattc.c +++ b/nimble/host/src/ble_gattc.c @@ -462,6 +462,8 @@ STATS_NAME_START(ble_gattc_stats) STATS_NAME(ble_gattc_stats, read_long_fail) STATS_NAME(ble_gattc_stats, read_mult) STATS_NAME(ble_gattc_stats, read_mult_fail) + STATS_NAME(ble_gattc_stats, signed_write) + STATS_NAME(ble_gattc_stats, signed_write_fail) STATS_NAME(ble_gattc_stats, write_no_rsp) STATS_NAME(ble_gattc_stats, write_no_rsp_fail) STATS_NAME(ble_gattc_stats, write) @@ -616,6 +618,13 @@ ble_gattc_log_write(uint16_t att_handle, uint16_t len, int expecting_rsp) BLE_HS_LOG(INFO, "att_handle=%d len=%d\n", att_handle, len); } +static void +ble_gattc_log_signed_write(uint16_t att_handle, uint16_t len) +{ + ble_gattc_log_proc_init("signed write; "); + BLE_HS_LOG(INFO, "att_handle=%d len=%d\n", att_handle, len); +} + static void ble_gattc_log_write_long(struct ble_gattc_proc *proc) { @@ -3623,6 +3632,62 @@ ble_gattc_write_no_rsp_flat(uint16_t conn_handle, uint16_t attr_handle, return 0; } +/***************************************************************************** + * $signed write * + ****************************************************************************/ + +int +ble_gattc_signed_write(uint16_t conn_handle, uint16_t attr_handle, + struct os_mbuf *txom) +{ +#if !MYNEWT_VAL(BLE_GATT_SIGNED_WRITE) + return BLE_HS_ENOTSUP; +#endif + + int rc; + struct ble_store_value_sec value_sec; + struct ble_store_key_sec key_sec; + struct ble_gap_conn_desc desc; + + STATS_INC(ble_gattc_stats, signed_write); + + ble_gattc_log_signed_write(attr_handle, OS_MBUF_PKTLEN(txom)); + + rc = ble_gap_conn_find(conn_handle, &desc); + if (rc != 0) { + goto err; + } + if (desc.sec_state.encrypted == 1) { + rc = BLE_HS_EENCRYPT; + goto err; + } + + memset(&key_sec, 0, sizeof key_sec); + key_sec.peer_addr = desc.peer_id_addr; + + /* Getting the CSRK for signing */ + rc = ble_store_read_our_sec(&key_sec, &value_sec); + if (rc != 0) { + goto err; + } + if (value_sec.csrk_present != 1) { + rc = BLE_HS_EAUTHEN; + goto err; + } + + rc = ble_att_clt_tx_signed_write_cmd(conn_handle, attr_handle, + value_sec.csrk, value_sec.sign_counter, txom); + if (rc != 0) { + goto err; + } + + return 0; +err: + STATS_INC(ble_gattc_stats, signed_write_fail); + os_mbuf_free_chain(txom); + return rc; +} + /***************************************************************************** * $write * *****************************************************************************/ diff --git a/nimble/host/src/ble_sm.c b/nimble/host/src/ble_sm.c index 0b7c28db59..81772831b9 100644 --- a/nimble/host/src/ble_sm.c +++ b/nimble/host/src/ble_sm.c @@ -490,6 +490,7 @@ ble_sm_fill_store_value(const ble_addr_t *peer_addr, if (keys->csrk_valid) { memcpy(value_sec->csrk, keys->csrk, sizeof value_sec->csrk); + value_sec->sign_counter = keys->sign_counter; value_sec->csrk_present = 1; } } @@ -2264,6 +2265,7 @@ ble_sm_key_exch_exec(struct ble_sm_proc *proc, struct ble_sm_result *res, memcpy(sign_info->sig_key, proc->our_keys.csrk, 16); } proc->our_keys.csrk_valid = 1; + proc->our_keys.sign_counter = 0; rc = ble_sm_tx(proc->conn_handle, txom); if (rc != 0) { @@ -2465,6 +2467,7 @@ ble_sm_sign_info_rx(uint16_t conn_handle, struct os_mbuf **om, memcpy(proc->peer_keys.csrk, cmd->sig_key, 16); proc->peer_keys.csrk_valid = 1; + proc->peer_keys.sign_counter = 0; ble_sm_key_rxed(proc, res); } @@ -2497,6 +2500,106 @@ ble_sm_fail_rx(uint16_t conn_handle, struct os_mbuf **om, * $api * *****************************************************************************/ +/** + * API to be used to increment the sign-counter whenever the CSRK is used + * to sign a message. + * + * @param conn_handle The connection_handle of the peer to whom + * the signed message is sent, and with + * whom the CSRK was shared that was used + * to sign the message. + */ +int +ble_sm_incr_our_sign_counter(uint16_t conn_handle) +{ + struct ble_store_key_sec key_sec; + struct ble_store_value_sec value_sec; + struct ble_gap_conn_desc desc; + int rc; + + rc = ble_gap_conn_find(conn_handle, &desc); + if (rc != 0) { + return rc; + } + + memset(&key_sec, 0, sizeof key_sec); + key_sec.peer_addr = desc.peer_id_addr; + + rc = ble_store_read_our_sec(&key_sec, &value_sec); + if (rc != 0) { + return rc; + } + if (value_sec.csrk_present != 1) { + return BLE_HS_ENOENT; + } + if (value_sec.sign_counter == (uint32_t)0xffffffff) { + return BLE_HS_ENOMEM; + } + + rc = ble_store_delete_our_sec(&key_sec); + if (rc != 0) { + return rc; + } + + value_sec.sign_counter += 1; + rc = ble_store_write_our_sec(&value_sec); + if (rc != 0) { + return rc; + } + + return 0; +} + +/** + * API to be used to increment the sign-counter whenever the CSRK is used + * to authenticate a received signed message. + * + * @param conn_handle The connection_handle of the peer from whom + * the signed message is received, and with + * whom the CSRK was shared that was used + * to authenticate the signed message. + */ +int +ble_sm_incr_peer_sign_counter(uint16_t conn_handle) +{ + struct ble_store_key_sec key_sec; + struct ble_store_value_sec value_sec; + struct ble_gap_conn_desc desc; + int rc; + + rc = ble_gap_conn_find(conn_handle, &desc); + if (rc != 0) { + return rc; + } + + memset(&key_sec, 0, sizeof key_sec); + key_sec.peer_addr = desc.peer_id_addr; + + rc = ble_store_read_peer_sec(&key_sec, &value_sec); + if (rc != 0) { + return rc; + } + if (value_sec.csrk_present != 1) { + return BLE_HS_ENOENT; + } + if (value_sec.sign_counter == (uint32_t)0xffffffff) { + return BLE_HS_ENOMEM; + } + + rc = ble_store_delete_peer_sec(&key_sec); + if (rc != 0) { + return rc; + } + + value_sec.sign_counter += 1; + rc = ble_store_write_peer_sec(&value_sec); + if (rc != 0) { + return rc; + } + + return 0; +} + /** * Times out expired SM procedures. * diff --git a/nimble/host/src/ble_sm_alg.c b/nimble/host/src/ble_sm_alg.c index bf81f21ffb..64c70727c5 100644 --- a/nimble/host/src/ble_sm_alg.c +++ b/nimble/host/src/ble_sm_alg.c @@ -202,7 +202,7 @@ ble_sm_alg_log_buf(const char *name, const uint8_t *buf, int len) * @param len Length of the message in octets. * @param out Output; message authentication code. */ -static int +int ble_sm_alg_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, uint8_t *out) { diff --git a/nimble/host/src/ble_sm_priv.h b/nimble/host/src/ble_sm_priv.h index d8e1f0358e..710f3f4c21 100644 --- a/nimble/host/src/ble_sm_priv.h +++ b/nimble/host/src/ble_sm_priv.h @@ -231,6 +231,7 @@ struct ble_sm_keys { unsigned irk_valid:1; unsigned csrk_valid:1; unsigned addr_valid:1; + uint32_t sign_counter; uint16_t ediv; uint64_t rand_val; uint8_t addr_type; @@ -401,6 +402,10 @@ void ble_sm_ia_ra(struct ble_sm_proc *proc, uint8_t *out_iat, uint8_t *out_ia, uint8_t *out_rat, uint8_t *out_ra); +int ble_sm_incr_our_sign_counter(uint16_t conn_handle); +int ble_sm_incr_peer_sign_counter(uint16_t conn_handle); +int ble_sm_alg_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, + uint8_t *out); int32_t ble_sm_timer(void); void ble_sm_connection_broken(uint16_t conn_handle); int ble_sm_pair_initiate(uint16_t conn_handle); @@ -411,6 +416,10 @@ int ble_sm_enc_initiate(uint16_t conn_handle, uint8_t key_size, int ble_sm_init(void); #else +#define ble_sm_incr_our_sign_counter(uint16_t conn_handle) BLE_HS_ENOTSUP +#define ble_sm_incr_peer_sign_counter(uint16_t conn_handle) BLE_HS_ENOTSUP +#define ble_sm_alg_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, \ + uint8_t *out) BLE_HS_ENOTSUP #define ble_sm_enc_change_rx(evt) ((void)(evt)) #define ble_sm_ltk_req_rx(evt) ((void)(evt)) #define ble_sm_enc_key_refresh_rx(evt) ((void)(evt)) diff --git a/nimble/host/store/config/src/ble_store_config.c b/nimble/host/store/config/src/ble_store_config.c index 0ee8906c69..d09830f616 100644 --- a/nimble/host/store/config/src/ble_store_config.c +++ b/nimble/host/store/config/src/ble_store_config.c @@ -69,7 +69,7 @@ ble_store_config_print_value_sec(const struct ble_store_value_sec *sec) if (sec->csrk_present) { BLE_HS_LOG(DEBUG, "csrk="); ble_hs_log_flat_buf(sec->csrk, 16); - BLE_HS_LOG(DEBUG, " "); + BLE_HS_LOG(DEBUG, " sign_counter = %u", sec->sign_counter); } BLE_HS_LOG(DEBUG, "\n"); diff --git a/nimble/include/nimble/nimble_opt_auto.h b/nimble/include/nimble/nimble_opt_auto.h index 55f6219917..9de0fcc6a5 100644 --- a/nimble/include/nimble/nimble_opt_auto.h +++ b/nimble/include/nimble/nimble_opt_auto.h @@ -85,6 +85,10 @@ extern "C" { #define NIMBLE_BLE_ATT_CLT_READ_GROUP_TYPE \ (MYNEWT_VAL(BLE_GATT_DISC_ALL_SVCS)) +#undef NIMBLE_BLE_ATT_CLT_SIGNED_WRITE +#define NIMBLE_BLE_ATT_CLT_SIGNED_WRITE \ + (MYNEWT_VAL(BLE_GATT_SIGNED_WRITE)) + #undef NIMBLE_BLE_ATT_CLT_WRITE #define NIMBLE_BLE_ATT_CLT_WRITE \ (MYNEWT_VAL(BLE_GATT_WRITE))