extmod/modbluetooth: Allow configuration of pairing/bonding parameters.

This allows setting the security and MITM-protection requirements.

Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
This commit is contained in:
Jim Mussared 2020-11-24 23:54:46 +11:00 committed by Damien George
parent 05fef8c6a4
commit a1fcf30121
5 changed files with 109 additions and 6 deletions

View File

@ -53,6 +53,11 @@ STATIC const uint16_t BTSTACK_GAP_DEVICE_NAME_HANDLE = 3;
volatile int mp_bluetooth_btstack_state = MP_BLUETOOTH_BTSTACK_STATE_OFF; volatile int mp_bluetooth_btstack_state = MP_BLUETOOTH_BTSTACK_STATE_OFF;
// sm_set_authentication_requirements is set-only, so cache current value.
#if MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDING
STATIC uint8_t mp_bluetooth_btstack_sm_auth_req = 0;
#endif
#define ERRNO_BLUETOOTH_NOT_ACTIVE MP_ENODEV #define ERRNO_BLUETOOTH_NOT_ACTIVE MP_ENODEV
STATIC int btstack_error_to_errno(int err) { STATIC int btstack_error_to_errno(int err) {
@ -795,6 +800,39 @@ void mp_bluetooth_set_address_mode(uint8_t addr_mode) {
} }
} }
#if MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDING
void mp_bluetooth_set_bonding(bool enabled) {
if (enabled) {
mp_bluetooth_btstack_sm_auth_req |= SM_AUTHREQ_BONDING;
} else {
mp_bluetooth_btstack_sm_auth_req &= ~SM_AUTHREQ_BONDING;
}
sm_set_authentication_requirements(mp_bluetooth_btstack_sm_auth_req);
}
void mp_bluetooth_set_mitm_protection(bool enabled) {
if (enabled) {
mp_bluetooth_btstack_sm_auth_req |= SM_AUTHREQ_MITM_PROTECTION;
} else {
mp_bluetooth_btstack_sm_auth_req &= ~SM_AUTHREQ_MITM_PROTECTION;
}
sm_set_authentication_requirements(mp_bluetooth_btstack_sm_auth_req);
}
void mp_bluetooth_set_le_secure(bool enabled) {
if (enabled) {
mp_bluetooth_btstack_sm_auth_req |= SM_AUTHREQ_SECURE_CONNECTION;
} else {
mp_bluetooth_btstack_sm_auth_req &= ~SM_AUTHREQ_SECURE_CONNECTION;
}
sm_set_authentication_requirements(mp_bluetooth_btstack_sm_auth_req);
}
void mp_bluetooth_set_io_capability(uint8_t capability) {
sm_set_io_capabilities(capability);
}
#endif // MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDING
size_t mp_bluetooth_gap_get_device_name(const uint8_t **buf) { size_t mp_bluetooth_gap_get_device_name(const uint8_t **buf) {
uint8_t *value = NULL; uint8_t *value = NULL;
size_t value_len = 0; size_t value_len = 0;

View File

@ -387,6 +387,28 @@ STATIC mp_obj_t bluetooth_ble_config(size_t n_args, const mp_obj_t *args, mp_map
mp_bluetooth_set_address_mode(addr_mode); mp_bluetooth_set_address_mode(addr_mode);
break; break;
} }
#if MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDING
case MP_QSTR_bond: {
bool bonding_enabled = mp_obj_is_true(e->value);
mp_bluetooth_set_bonding(bonding_enabled);
break;
}
case MP_QSTR_mitm: {
bool mitm_protection = mp_obj_is_true(e->value);
mp_bluetooth_set_mitm_protection(mitm_protection);
break;
}
case MP_QSTR_io: {
mp_int_t io_capability = mp_obj_get_int(e->value);
mp_bluetooth_set_io_capability(io_capability);
break;
}
case MP_QSTR_le_secure: {
bool le_secure_required = mp_obj_is_true(e->value);
mp_bluetooth_set_le_secure(le_secure_required);
break;
}
#endif // MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDING
default: default:
mp_raise_ValueError(MP_ERROR_TEXT("unknown config param")); mp_raise_ValueError(MP_ERROR_TEXT("unknown config param"));
} }

View File

@ -152,6 +152,13 @@
#define MP_BLUETOOTH_ADDRESS_MODE_RPA (2) #define MP_BLUETOOTH_ADDRESS_MODE_RPA (2)
#define MP_BLUETOOTH_ADDRESS_MODE_NRPA (3) #define MP_BLUETOOTH_ADDRESS_MODE_NRPA (3)
// These match the spec values, can be used directly by the stack.
#define MP_BLUETOOTH_IO_CAPABILITY_DISPLAY_ONLY (0)
#define MP_BLUETOOTH_IO_CAPABILITY_DISPLAY_YESNO (1)
#define MP_BLUETOOTH_IO_CAPABILITY_KEYBOARD_ONLY (2)
#define MP_BLUETOOTH_IO_CAPABILITY_NO_INPUT_OUTPUT (3)
#define MP_BLUETOOTH_IO_CAPABILITY_KEYBOARD_DISPLAY (4)
/* /*
These aren't included in the module for space reasons, but can be used These aren't included in the module for space reasons, but can be used
in your Python code if necessary. in your Python code if necessary.
@ -208,6 +215,12 @@ _GATTS_ERROR_WRITE_NOT_PERMITTED = const(0x03)
_GATTS_ERROR_INSUFFICIENT_AUTHENTICATION = const(0x05) _GATTS_ERROR_INSUFFICIENT_AUTHENTICATION = const(0x05)
_GATTS_ERROR_INSUFFICIENT_AUTHORIZATION = const(0x08) _GATTS_ERROR_INSUFFICIENT_AUTHORIZATION = const(0x08)
_GATTS_ERROR_INSUFFICIENT_ENCRYPTION = const(0x0f) _GATTS_ERROR_INSUFFICIENT_ENCRYPTION = const(0x0f)
_IO_CAPABILITY_DISPLAY_ONLY = const(0)
_IO_CAPABILITY_DISPLAY_YESNO = const(1)
_IO_CAPABILITY_KEYBOARD_ONLY = const(2)
_IO_CAPABILITY_NO_INPUT_OUTPUT = const(3)
_IO_CAPABILITY_KEYBOARD_DISPLAY = const(4)
*/ */
// bluetooth.UUID type. // bluetooth.UUID type.
@ -254,6 +267,17 @@ void mp_bluetooth_get_current_address(uint8_t *addr_type, uint8_t *addr);
// Sets the addressing mode to use. // Sets the addressing mode to use.
void mp_bluetooth_set_address_mode(uint8_t addr_mode); void mp_bluetooth_set_address_mode(uint8_t addr_mode);
#if MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDING
// Set bonding flag in pairing requests (i.e. persist security keys).
void mp_bluetooth_set_bonding(bool enabled);
// Require MITM protection.
void mp_bluetooth_set_mitm_protection(bool enabled);
// Require LE Secure pairing (rather than Legacy Pairing)
void mp_bluetooth_set_le_secure(bool enabled);
// I/O capabilities for authentication (see MP_BLUETOOTH_IO_CAPABILITY_*).
void mp_bluetooth_set_io_capability(uint8_t capability);
#endif // MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDING
// Get or set the GAP device name that will be used by service 0x1800, characteristic 0x2a00. // Get or set the GAP device name that will be used by service 0x1800, characteristic 0x2a00.
size_t mp_bluetooth_gap_get_device_name(const uint8_t **buf); size_t mp_bluetooth_gap_get_device_name(const uint8_t **buf);
int mp_bluetooth_gap_set_device_name(const uint8_t *buf, size_t len); int mp_bluetooth_gap_set_device_name(const uint8_t *buf, size_t len);

View File

@ -552,6 +552,24 @@ void mp_bluetooth_set_address_mode(uint8_t addr_mode) {
} }
} }
#if MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDING
void mp_bluetooth_set_bonding(bool enabled) {
ble_hs_cfg.sm_bonding = enabled;
}
void mp_bluetooth_set_mitm_protection(bool enabled) {
ble_hs_cfg.sm_mitm = enabled;
}
void mp_bluetooth_set_le_secure(bool enabled) {
ble_hs_cfg.sm_sc = enabled;
}
void mp_bluetooth_set_io_capability(uint8_t capability) {
ble_hs_cfg.sm_io_cap = capability;
}
#endif // MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDING
size_t mp_bluetooth_gap_get_device_name(const uint8_t **buf) { size_t mp_bluetooth_gap_get_device_name(const uint8_t **buf) {
const char *name = ble_svc_gap_device_name(); const char *name = ble_svc_gap_device_name();
*buf = (const uint8_t *)name; *buf = (const uint8_t *)name;

View File

@ -116,18 +116,19 @@ int nimble_sprintf(char *str, const char *fmt, ...);
#define MYNEWT_VAL_BLE_MONITOR_UART_BUFFER_SIZE (64) #define MYNEWT_VAL_BLE_MONITOR_UART_BUFFER_SIZE (64)
#define MYNEWT_VAL_BLE_MONITOR_UART_DEV ("uart0") #define MYNEWT_VAL_BLE_MONITOR_UART_DEV ("uart0")
#define MYNEWT_VAL_BLE_RPA_TIMEOUT (300) #define MYNEWT_VAL_BLE_RPA_TIMEOUT (300)
#define MYNEWT_VAL_BLE_SM_BONDING (0)
#define MYNEWT_VAL_BLE_SM_IO_CAP (BLE_HS_IO_NO_INPUT_OUTPUT)
#define MYNEWT_VAL_BLE_SM_KEYPRESS (0) #define MYNEWT_VAL_BLE_SM_KEYPRESS (0)
#define MYNEWT_VAL_BLE_SM_LEGACY (1) #define MYNEWT_VAL_BLE_SM_LEGACY (1)
#define MYNEWT_VAL_BLE_SM_MAX_PROCS (1) #define MYNEWT_VAL_BLE_SM_MAX_PROCS (1)
#define MYNEWT_VAL_BLE_SM_MITM (0)
#define MYNEWT_VAL_BLE_SM_OOB_DATA_FLAG (0) #define MYNEWT_VAL_BLE_SM_OOB_DATA_FLAG (0)
#define MYNEWT_VAL_BLE_SM_OUR_KEY_DIST (0) #define MYNEWT_VAL_BLE_SM_OUR_KEY_DIST (7)
#define MYNEWT_VAL_BLE_SM_SC (1) #define MYNEWT_VAL_BLE_SM_THEIR_KEY_DIST (7)
#define MYNEWT_VAL_BLE_SM_THEIR_KEY_DIST (0)
#define MYNEWT_VAL_BLE_STORE_MAX_BONDS (3) #define MYNEWT_VAL_BLE_STORE_MAX_BONDS (3)
#define MYNEWT_VAL_BLE_STORE_MAX_CCCDS (8) #define MYNEWT_VAL_BLE_STORE_MAX_CCCDS (8)
// These can be overridden at runtime with ble.config(le_secure, mitm, bond, io).
#define MYNEWT_VAL_BLE_SM_SC (1)
#define MYNEWT_VAL_BLE_SM_MITM (0)
#define MYNEWT_VAL_BLE_SM_BONDING (0)
#define MYNEWT_VAL_BLE_SM_IO_CAP (BLE_HS_IO_NO_INPUT_OUTPUT)
/*** nimble/host/services/gap */ /*** nimble/host/services/gap */
#define MYNEWT_VAL_BLE_SVC_GAP_APPEARANCE (0) #define MYNEWT_VAL_BLE_SVC_GAP_APPEARANCE (0)