Skip to content

Commit 0d96988

Browse files
HexxehHexxeh
committed
bluetooth: persist our security info in host store
This appears to be needed on snowy even if it isn't needed on nrf, the LTK isn't the same for our/peer and if we return the wrong one the remote drops the connection. Signed-off-by: Liam McLoughlin <[email protected]>
1 parent 22de0ee commit 0d96988

File tree

6 files changed

+172
-109
lines changed

6 files changed

+172
-109
lines changed

src/bluetooth-fw/nimble/nimble_store.c

+158-105
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,8 @@ typedef struct {
3434
struct ble_store_value_sec value_sec;
3535
} BleStoreValue;
3636

37-
static BleStoreValue *s_value_secs;
37+
static BleStoreValue *s_peer_value_secs;
38+
static BleStoreValue *s_our_value_secs;
3839

3940
static bool prv_nimble_store_find_sec_cb(ListNode *node, void *data) {
4041
BleStoreValue *s = (BleStoreValue *)node;
@@ -43,125 +44,147 @@ static bool prv_nimble_store_find_sec_cb(ListNode *node, void *data) {
4344
return ble_addr_cmp(&s->value_sec.peer_addr, &key_sec->peer_addr) == 0;
4445
}
4546

46-
static BleStoreValue *prv_nimble_store_find_sec(const struct ble_store_key_sec *key_sec) {
47+
static ListNode **prv_find_sec_list_for_obj_type(const int obj_type) {
48+
switch (obj_type) {
49+
case BLE_STORE_OBJ_TYPE_OUR_SEC:
50+
return (ListNode **)&s_our_value_secs;
51+
case BLE_STORE_OBJ_TYPE_PEER_SEC:
52+
return (ListNode **)&s_peer_value_secs;
53+
default:
54+
assert(0);
55+
}
56+
}
57+
58+
static BleStoreValue *prv_nimble_store_find_sec(const int obj_type,
59+
const struct ble_store_key_sec *key_sec) {
60+
ListNode *sec_list = *prv_find_sec_list_for_obj_type(obj_type);
61+
4762
if (!ble_addr_cmp(&key_sec->peer_addr, BLE_ADDR_ANY)) {
48-
return (BleStoreValue *)list_get_at((ListNode *)s_value_secs, key_sec->idx);
63+
return (BleStoreValue *)list_get_at(sec_list, key_sec->idx);
4964
} else if (key_sec->idx == 0) {
50-
return (BleStoreValue *)list_find((ListNode *)s_value_secs, prv_nimble_store_find_sec_cb,
65+
return (BleStoreValue *)list_find(sec_list, prv_nimble_store_find_sec_cb,
5166
(void *)&key_sec->peer_addr);
5267
}
5368

5469
return NULL;
5570
}
5671

57-
static int prv_nimble_store_read_our_sec(const struct ble_store_key_sec *key_sec,
58-
struct ble_store_value_sec *value_sec) {
72+
static int prv_nimble_store_read_sec(const int obj_type, const struct ble_store_key_sec *key_sec,
73+
struct ble_store_value_sec *value_sec) {
5974
int ret = 0;
6075
BleStoreValue *s;
6176

6277
bt_lock();
6378

64-
s = prv_nimble_store_find_sec(key_sec);
79+
s = prv_nimble_store_find_sec(obj_type, key_sec);
6580
if (s == NULL) {
6681
ret = BLE_HS_ENOENT;
6782
goto unlock;
6883
}
6984

70-
memset(value_sec, 0, sizeof(*value_sec));
71-
72-
value_sec->peer_addr = key_sec->peer_addr;
73-
value_sec->key_size = KEY_SIZE;
74-
75-
if (s->value_sec.ltk_present) {
76-
value_sec->ediv = s->value_sec.ediv;
77-
value_sec->rand_num = s->value_sec.rand_num;
78-
value_sec->ltk_present = true;
79-
memcpy(value_sec->ltk, s->value_sec.ltk, KEY_SIZE);
80-
}
85+
*value_sec = s->value_sec;
8186

8287
unlock:
8388
bt_unlock();
8489

8590
return ret;
8691
}
8792

88-
static int prv_nimble_store_read_peer_sec(const struct ble_store_key_sec *key_sec,
89-
struct ble_store_value_sec *value_sec) {
90-
int ret = 0;
93+
static BleStoreValue *prv_nimble_store_upsert_sec(const int obj_type,
94+
const struct ble_store_value_sec *value_sec) {
9195
BleStoreValue *s;
96+
struct ble_store_key_sec key_sec;
97+
ble_store_key_from_value_sec(&key_sec, value_sec);
98+
ListNode **sec_list = prv_find_sec_list_for_obj_type(obj_type);
9299

93100
bt_lock();
94101

95-
s = prv_nimble_store_find_sec(key_sec);
102+
s = prv_nimble_store_find_sec(obj_type, &key_sec);
96103
if (s == NULL) {
97-
ret = BLE_HS_ENOENT;
98-
goto unlock;
104+
s = kernel_zalloc_check(sizeof(BleStoreValue));
105+
if (*sec_list == NULL) {
106+
*sec_list = (ListNode *)s;
107+
} else {
108+
list_append(*sec_list, (ListNode *)s);
109+
}
99110
}
100111

101-
*value_sec = s->value_sec;
112+
s->value_sec = *value_sec;
102113

103-
unlock:
104114
bt_unlock();
105115

106-
return ret;
116+
return s;
107117
}
108118

109-
static int prv_nimble_store_write_peer_sec(const struct ble_store_value_sec *value_sec) {
110-
BleStoreValue *s;
111-
struct ble_store_key_sec key_sec;
112-
BleBonding bonding;
113-
BTDeviceAddress addr;
114-
115-
if (value_sec->key_size != KEY_SIZE || value_sec->authenticated || value_sec->csrk_present) {
116-
PBL_LOG_D(LOG_DOMAIN_BT, LOG_LEVEL_ERROR, "Unsupported security parameters");
117-
return BLE_HS_ENOTSUP;
119+
static void prv_convert_peer_sec_to_bonding(const struct ble_store_value_sec *value_sec,
120+
BleBonding *bonding) {
121+
if (value_sec->ltk_present) {
122+
bonding->pairing_info.is_remote_encryption_info_valid = true;
123+
bonding->pairing_info.remote_encryption_info.ediv = value_sec->ediv;
124+
bonding->pairing_info.remote_encryption_info.rand = value_sec->rand_num;
125+
memcpy(bonding->pairing_info.remote_encryption_info.ltk.data, value_sec->ltk, KEY_SIZE);
118126
}
119127

120-
ble_store_key_from_value_sec(&key_sec, value_sec);
121-
122-
bt_lock();
128+
if (value_sec->irk_present) {
129+
bonding->pairing_info.is_remote_identity_info_valid = true;
130+
memcpy(bonding->pairing_info.irk.data, value_sec->irk, KEY_SIZE);
131+
}
132+
}
123133

124-
s = prv_nimble_store_find_sec(&key_sec);
125-
if (s == NULL) {
126-
s = kernel_zalloc_check(sizeof(BleStoreValue));
127-
if (s_value_secs == NULL) {
128-
s_value_secs = s;
129-
} else {
130-
list_append((ListNode *)s_value_secs, (ListNode *)s);
131-
}
134+
static void prv_convert_our_sec_to_bonding(const struct ble_store_value_sec *value_sec,
135+
BleBonding *bonding) {
136+
if (value_sec->ltk_present) {
137+
bonding->pairing_info.is_local_encryption_info_valid = true;
138+
bonding->pairing_info.local_encryption_info.ediv = value_sec->ediv;
139+
bonding->pairing_info.local_encryption_info.rand = value_sec->rand_num;
140+
memcpy(bonding->pairing_info.local_encryption_info.ltk.data, value_sec->ltk, KEY_SIZE);
132141
}
142+
}
133143

134-
s->value_sec = *value_sec;
144+
static void prv_notify_irk_updated(const struct ble_store_value_sec *value_sec) {
145+
BleIRKChange irk_change_event;
135146

136-
bt_unlock();
147+
irk_change_event.irk_valid = true;
148+
memcpy(irk_change_event.irk.data, value_sec->irk, KEY_SIZE);
137149

138-
// inform about new IRK
139-
if (value_sec->irk_present) {
140-
BleIRKChange irk_change_event;
150+
nimble_addr_to_pebble_device(&value_sec->peer_addr, &irk_change_event.device);
141151

142-
irk_change_event.irk_valid = true;
143-
memcpy(irk_change_event.irk.data, value_sec->irk, KEY_SIZE);
152+
bt_driver_handle_le_connection_handle_update_irk(&irk_change_event);
153+
}
144154

145-
nimble_addr_to_pebble_device(&value_sec->peer_addr, &irk_change_event.device);
155+
static void prv_notify_host_bonding_changed(const int obj_type,
156+
const struct ble_store_value_sec *value_sec) {
157+
int rc;
158+
BleBonding bonding;
159+
BTDeviceAddress addr;
160+
struct ble_store_key_sec key_sec;
161+
struct ble_store_value_sec existing_value_sec;
146162

147-
bt_driver_handle_le_connection_handle_update_irk(&irk_change_event);
148-
}
163+
ble_store_key_from_value_sec(&key_sec, value_sec);
149164

150165
// persist bonding
151166
memset(&bonding, 0, sizeof(bonding));
152167

153168
bonding.is_gateway = true;
154169

155-
if (value_sec->ltk_present) {
156-
bonding.pairing_info.is_remote_encryption_info_valid = true;
157-
bonding.pairing_info.remote_encryption_info.ediv = value_sec->ediv;
158-
bonding.pairing_info.remote_encryption_info.rand = value_sec->rand_num;
159-
memcpy(bonding.pairing_info.remote_encryption_info.ltk.data, value_sec->ltk, KEY_SIZE);
160-
}
170+
// read any existing data of the opposite type and combine with the new data before sending to the
171+
// host
172+
switch (obj_type) {
173+
case BLE_STORE_OBJ_TYPE_PEER_SEC:
174+
rc = prv_nimble_store_read_sec(BLE_STORE_OBJ_TYPE_OUR_SEC, &key_sec, &existing_value_sec);
175+
if (rc == 0) {
176+
prv_convert_our_sec_to_bonding(&existing_value_sec, &bonding);
177+
}
178+
prv_convert_peer_sec_to_bonding(value_sec, &bonding);
161179

162-
if (value_sec->irk_present) {
163-
bonding.pairing_info.is_remote_identity_info_valid = true;
164-
memcpy(bonding.pairing_info.irk.data, value_sec->irk, KEY_SIZE);
180+
break;
181+
case BLE_STORE_OBJ_TYPE_OUR_SEC:
182+
rc = prv_nimble_store_read_sec(BLE_STORE_OBJ_TYPE_PEER_SEC, &key_sec, &existing_value_sec);
183+
if (rc == 0) {
184+
prv_convert_peer_sec_to_bonding(&existing_value_sec, &bonding);
185+
}
186+
prv_convert_our_sec_to_bonding(value_sec, &bonding);
187+
break;
165188
}
166189

167190
if (value_sec->sc) {
@@ -172,27 +195,48 @@ static int prv_nimble_store_write_peer_sec(const struct ble_store_value_sec *val
172195

173196
nimble_addr_to_pebble_addr(&value_sec->peer_addr, &addr);
174197

175-
bt_driver_cb_handle_create_bonding(&bonding, &addr);
198+
if (bonding.pairing_info.is_remote_encryption_info_valid) {
199+
bt_driver_cb_handle_create_bonding(&bonding, &addr);
200+
} else {
201+
PBL_LOG_D(LOG_DOMAIN_BT, LOG_LEVEL_INFO, "Skipping notifying OS of our keys");
202+
}
203+
}
204+
205+
static int prv_nimble_store_write_sec(const int obj_type,
206+
const struct ble_store_value_sec *value_sec) {
207+
if (value_sec->key_size != KEY_SIZE || value_sec->authenticated || value_sec->csrk_present) {
208+
PBL_LOG_D(LOG_DOMAIN_BT, LOG_LEVEL_ERROR, "Unsupported security parameters");
209+
return BLE_HS_ENOTSUP;
210+
}
211+
212+
prv_nimble_store_upsert_sec(obj_type, value_sec);
213+
214+
// inform about new IRK
215+
if (obj_type == BLE_STORE_OBJ_TYPE_PEER_SEC && value_sec->irk_present) {
216+
prv_notify_irk_updated(value_sec);
217+
}
218+
219+
prv_notify_host_bonding_changed(obj_type, value_sec);
176220

177221
return 0;
178222
}
179223

180-
static int prv_nimble_store_read(int obj_type, const union ble_store_key *key,
224+
static int prv_nimble_store_read(const int obj_type, const union ble_store_key *key,
181225
union ble_store_value *value) {
182226
switch (obj_type) {
183-
case BLE_STORE_OBJ_TYPE_PEER_SEC:
184-
return prv_nimble_store_read_peer_sec(&key->sec, &value->sec);
185227
case BLE_STORE_OBJ_TYPE_OUR_SEC:
186-
return prv_nimble_store_read_our_sec(&key->sec, &value->sec);
228+
case BLE_STORE_OBJ_TYPE_PEER_SEC:
229+
return prv_nimble_store_read_sec(obj_type, &key->sec, &value->sec);
187230
default:
188231
return BLE_HS_ENOTSUP;
189232
}
190233
}
191234

192235
static int prv_nimble_store_write(int obj_type, const union ble_store_value *val) {
193236
switch (obj_type) {
237+
case BLE_STORE_OBJ_TYPE_OUR_SEC:
194238
case BLE_STORE_OBJ_TYPE_PEER_SEC:
195-
return prv_nimble_store_write_peer_sec(&val->sec);
239+
return prv_nimble_store_write_sec(obj_type, &val->sec);
196240
default:
197241
return BLE_HS_ENOTSUP;
198242
}
@@ -203,49 +247,55 @@ void nimble_store_init(void) {
203247
ble_hs_cfg.store_write_cb = prv_nimble_store_write;
204248
}
205249

206-
void bt_driver_handle_host_added_bonding(const BleBonding *bonding) {
207-
bool is_new = false;
208-
BleStoreValue *s;
209-
struct ble_store_key_sec key_sec;
210-
211-
key_sec.idx = 0;
212-
pebble_device_to_nimble_addr(&bonding->pairing_info.identity, &key_sec.peer_addr);
213-
214-
bt_lock();
215-
216-
s = prv_nimble_store_find_sec(&key_sec);
217-
if (s == NULL) {
218-
s = kernel_zalloc_check(sizeof(BleStoreValue));
219-
is_new = true;
220-
}
250+
static void prv_convert_bonding_remote_to_store_val(const BleBonding *bonding,
251+
struct ble_store_value_sec *value_sec) {
252+
memset(value_sec, 0, sizeof(struct ble_store_value_sec));
221253

222-
s->value_sec.key_size = KEY_SIZE;
254+
value_sec->key_size = KEY_SIZE;
223255

224256
if (bonding->pairing_info.is_remote_encryption_info_valid) {
225-
s->value_sec.ediv = bonding->pairing_info.remote_encryption_info.ediv;
226-
s->value_sec.rand_num = bonding->pairing_info.remote_encryption_info.rand;
227-
s->value_sec.ltk_present = true;
228-
memcpy(s->value_sec.ltk, bonding->pairing_info.remote_encryption_info.ltk.data, KEY_SIZE);
257+
value_sec->ediv = bonding->pairing_info.remote_encryption_info.ediv;
258+
value_sec->rand_num = bonding->pairing_info.remote_encryption_info.rand;
259+
value_sec->ltk_present = true;
260+
memcpy(value_sec->ltk, bonding->pairing_info.remote_encryption_info.ltk.data, KEY_SIZE);
229261
}
230262

231263
if (bonding->pairing_info.is_remote_identity_info_valid) {
232-
s->value_sec.irk_present = true;
233-
memcpy(s->value_sec.irk, bonding->pairing_info.irk.data, KEY_SIZE);
264+
value_sec->irk_present = true;
265+
memcpy(value_sec->irk, bonding->pairing_info.irk.data, KEY_SIZE);
234266
}
235267

236-
s->value_sec.sc = !!(bonding->flags & BLE_FLAG_SECURE_CONNECTIONS);
268+
value_sec->sc = !!(bonding->flags & BLE_FLAG_SECURE_CONNECTIONS);
237269

238-
pebble_device_to_nimble_addr(&bonding->pairing_info.identity, &s->value_sec.peer_addr);
270+
pebble_device_to_nimble_addr(&bonding->pairing_info.identity, &value_sec->peer_addr);
271+
}
239272

240-
if (is_new) {
241-
if (s_value_secs == NULL) {
242-
s_value_secs = s;
243-
} else {
244-
list_append((ListNode *)s_value_secs, (ListNode *)s);
245-
}
273+
static void prv_convert_bonding_local_to_store_val(const BleBonding *bonding,
274+
struct ble_store_value_sec *value_sec) {
275+
memset(value_sec, 0, sizeof(struct ble_store_value_sec));
276+
277+
value_sec->key_size = KEY_SIZE;
278+
279+
if (bonding->pairing_info.is_local_encryption_info_valid) {
280+
value_sec->ediv = bonding->pairing_info.local_encryption_info.ediv;
281+
value_sec->rand_num = bonding->pairing_info.local_encryption_info.rand;
282+
value_sec->ltk_present = true;
283+
memcpy(value_sec->ltk, bonding->pairing_info.local_encryption_info.ltk.data, KEY_SIZE);
246284
}
247285

248-
bt_unlock();
286+
value_sec->sc = !!(bonding->flags & BLE_FLAG_SECURE_CONNECTIONS);
287+
288+
pebble_device_to_nimble_addr(&bonding->pairing_info.identity, &value_sec->peer_addr);
289+
}
290+
291+
void bt_driver_handle_host_added_bonding(const BleBonding *bonding) {
292+
struct ble_store_value_sec value_sec;
293+
294+
prv_convert_bonding_remote_to_store_val(bonding, &value_sec);
295+
prv_nimble_store_upsert_sec(BLE_STORE_OBJ_TYPE_PEER_SEC, &value_sec);
296+
297+
prv_convert_bonding_local_to_store_val(bonding, &value_sec);
298+
prv_nimble_store_upsert_sec(BLE_STORE_OBJ_TYPE_OUR_SEC, &value_sec);
249299
}
250300

251301
void bt_driver_handle_host_removed_bonding(const BleBonding *bonding) {
@@ -257,8 +307,11 @@ void bt_driver_handle_host_removed_bonding(const BleBonding *bonding) {
257307

258308
bt_lock();
259309

260-
s = prv_nimble_store_find_sec(&key_sec);
261-
list_remove((ListNode *)s, (ListNode **)&s_value_secs, NULL);
310+
s = prv_nimble_store_find_sec(BLE_STORE_OBJ_TYPE_OUR_SEC, &key_sec);
311+
list_remove((ListNode *)s, (ListNode **)&s_our_value_secs, NULL);
312+
313+
s = prv_nimble_store_find_sec(BLE_STORE_OBJ_TYPE_PEER_SEC, &key_sec);
314+
list_remove((ListNode *)s, (ListNode **)&s_peer_value_secs, NULL);
262315

263316
bt_unlock();
264317

src/fw/services/normal/bluetooth/bluetooth_persistent_storage.c

+4-3
Original file line numberDiff line numberDiff line change
@@ -50,9 +50,10 @@
5050
// Let the unittest define this using a header override:
5151
# include "services/normal/bluetooth/bluetooth_persistent_storage_unittest_impl.h"
5252
#else
53-
# if BT_CONTROLLER_CC2564X
54-
# include "services/normal/bluetooth/bluetooth_persistent_storage_v1_impl.h"
55-
# elif BT_CONTROLLER_DA14681 || BT_CONTROLLER_QEMU || BT_CONTROLLER_NRF52
53+
// TODO: perhaps revert this back to v1 for cc2564x if we can figure out how to handle the old format
54+
// right now, you have to make sure you've erased all bondings before upgrading else you'll crash
55+
// because the v2 code chokes on the v1 format
56+
# if BT_CONTROLLER_DA14681 || BT_CONTROLLER_QEMU || BT_CONTROLLER_NRF52 || BT_CONTROLLER_CC2564X
5657
# include "services/normal/bluetooth/bluetooth_persistent_storage_v2_impl.h"
5758
# else
5859
# error "Unknown BT_CONTROLLER_... define?"

third_party/nimble/mynewt-nimble

Submodule mynewt-nimble updated 30 files

0 commit comments

Comments
 (0)