Disable bonding; Another try to disable secure pairing

author: Michele Bini <michele.bini@gmail.com> 2022-03-24 11:52:51 (GMT)
committer: Michele Bini <michele.bini@gmail.com> 2022-03-24 11:52:51 (GMT)
commit: e78a9401ac707fe75da54fdc6ce6c3aa89032360 (patch)
tree: 7e078b0ca8a4f3222197d0e19a038bf4bc187a17 /src/components/ble
parent: 3c29183dd22d33928ac62c65a378922d49fa06e9 (diff)
2 files changed, 0 insertions, 131 deletions
diff --git a/src/components/ble/NimbleController.cpp b/src/components/ble/NimbleController.cpp
index f490144..ee9509b 100644
--- a/src/components/ble/NimbleController.cpp
+++ b/src/components/ble/NimbleController.cpp
@@ -127,8 +127,6 @@ void NimbleController::Init() {
   rc = ble_gatts_start();
   ASSERT(rc == 0);
 
-  RestoreBond();
-
   StartAdvertising();
 }
 
@@ -210,10 +208,6 @@ int NimbleController::OnGAPEvent(ble_gap_event* event) {
       NRF_LOG_INFO("Disconnect event : BLE_GAP_EVENT_DISCONNECT");
       NRF_LOG_INFO("disconnect reason=%d", event->disconnect.reason);
 
-      if (event->disconnect.conn.sec_state.bonded) {
-        PersistBond(event->disconnect.conn);
-      }
-
       currentTimeClient.Reset();
       alertNotificationClient.Reset();
       connectionHandle = BLE_HS_CONN_HANDLE_NONE;
@@ -248,9 +242,6 @@ int NimbleController::OnGAPEvent(ble_gap_event* event) {
       if (event->enc_change.status == 0) {
         struct ble_gap_conn_desc desc;
         ble_gap_conn_find(event->enc_change.conn_handle, &desc);
-        if (desc.sec_state.bonded) {
-          PersistBond(desc);
-        }
 
         NRF_LOG_INFO("new state: encrypted=%d authenticated=%d bonded=%d key_size=%d",
                      desc.sec_state.encrypted,
@@ -261,48 +252,7 @@ int NimbleController::OnGAPEvent(ble_gap_event* event) {
       break;
 
     case BLE_GAP_EVENT_PASSKEY_ACTION:
-      /* Authentication has been requested for this connection.
-       *
-       * BLE authentication is determined by the combination of I/O capabilities
-       * on the central and peripheral. When the peripheral is display only and
-       * the central has a keyboard and display then passkey auth is selected.
-       * When both the central and peripheral have displays and support yes/no
-       * buttons then numeric comparison is selected. We currently advertise
-       * display capability only so we only handle the "display" action here.
-       *
-       * Standards insist that the rand() PRNG be deterministic.
-       * Use the tinycrypt prng here since rand() is predictable.
-       */
       NRF_LOG_INFO("Security event : BLE_GAP_EVENT_PASSKEY_ACTION");
-      if (event->passkey.params.action == BLE_SM_IOACT_DISP) {
-        struct ble_sm_io pkey = {0};
-        pkey.action = event->passkey.params.action;
-
-        /*
-         * Passkey is a 6 digits code (1'000'000 possibilities).
-         * It is important every possible value has an equal probability
-         * of getting generated. Simply applying a modulo creates a bias
-         * since 2^32 is not a multiple of 1'000'000.
-         * To prevent that, we can reject values greater than 999'999.
-         *
-         * Rejecting values would happen a lot since 2^32-1 is way greater
-         * than 1'000'000. An optimisation is to use a multiple of 1'000'000.
-         * The greatest multiple of 1'000'000 lesser than 2^32-1 is
-         * 4'294'000'000.
-         *
-         * Great explanation at:
-         * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/
-         */
-        uint32_t passkey_rand;
-        do {
-          passkey_rand = ble_ll_rand();
-        } while (passkey_rand > 4293999999);
-        pkey.passkey = passkey_rand % 1000000;
-
-        bleController.SetPairingKey(pkey.passkey);
-        systemTask.PushMessage(Pinetime::System::Messages::OnPairing);
-        ble_sm_inject_io(event->passkey.conn_handle, &pkey);
-      }
       break;
 
     case BLE_GAP_EVENT_SUBSCRIBE:
@@ -413,81 +363,3 @@ void NimbleController::DisableRadio() {
   }
 }
 
-void NimbleController::PersistBond(struct ble_gap_conn_desc& desc) {
-  union ble_store_key key;
-  union ble_store_value our_sec, peer_sec, peer_cccd_set[MYNEWT_VAL(BLE_STORE_MAX_CCCDS)] = {0};
-  int rc;
-
-  memset(&key, 0, sizeof key);
-  memset(&our_sec, 0, sizeof our_sec);
-  key.sec.peer_addr = desc.peer_id_addr;
-  rc = ble_store_read_our_sec(&key.sec, &our_sec.sec);
-
-  if (memcmp(&our_sec.sec, &bondId, sizeof bondId) == 0) {
-    return;
-  }
-
-  memcpy(&bondId, &our_sec.sec, sizeof bondId);
-
-  memset(&key, 0, sizeof key);
-  memset(&peer_sec, 0, sizeof peer_sec);
-  key.sec.peer_addr = desc.peer_id_addr;
-  rc += ble_store_read_peer_sec(&key.sec, &peer_sec.sec);
-
-  if (rc == 0) {
-    memset(&key, 0, sizeof key);
-    key.cccd.peer_addr = desc.peer_id_addr;
-    int peer_count = 0;
-    ble_store_util_count(BLE_STORE_OBJ_TYPE_CCCD, &peer_count);
-    for (int i = 0; i < peer_count; i++) {
-      key.cccd.idx = peer_count;
-      ble_store_read_cccd(&key.cccd, &peer_cccd_set[i].cccd);
-    }
-
-    /* Wakeup Spi and SpiNorFlash before accessing the file system
-     * This should be fixed in the FS driver
-     */
-    systemTask.PushMessage(Pinetime::System::Messages::GoToRunning);
-    systemTask.PushMessage(Pinetime::System::Messages::DisableSleeping);
-    vTaskDelay(10);
-
-    lfs_file_t file_p;
-
-    rc = fs.FileOpen(&file_p, "/bond.dat", LFS_O_WRONLY | LFS_O_CREAT);
-    if (rc == 0) {
-      fs.FileWrite(&file_p, reinterpret_cast<uint8_t*>(&our_sec.sec), sizeof our_sec);
-      fs.FileWrite(&file_p, reinterpret_cast<uint8_t*>(&peer_sec.sec), sizeof peer_sec);
-      fs.FileWrite(&file_p, reinterpret_cast<const uint8_t*>(&peer_count), 1);
-      for (int i = 0; i < peer_count; i++) {
-        fs.FileWrite(&file_p, reinterpret_cast<uint8_t*>(&peer_cccd_set[i].cccd), sizeof(struct ble_store_value_cccd));
-      }
-      fs.FileClose(&file_p);
-    }
-    systemTask.PushMessage(Pinetime::System::Messages::EnableSleeping);
-  }
-}
-
-void NimbleController::RestoreBond() {
-  lfs_file_t file_p;
-  union ble_store_value sec, cccd;
-  uint8_t peer_count = 0;
-
-  if (fs.FileOpen(&file_p, "/bond.dat", LFS_O_RDONLY) == 0) {
-    memset(&sec, 0, sizeof sec);
-    fs.FileRead(&file_p, reinterpret_cast<uint8_t*>(&sec.sec), sizeof sec);
-    ble_store_write_our_sec(&sec.sec);
-
-    memset(&sec, 0, sizeof sec);
-    fs.FileRead(&file_p, reinterpret_cast<uint8_t*>(&sec.sec), sizeof sec);
-    ble_store_write_peer_sec(&sec.sec);
-
-    fs.FileRead(&file_p, &peer_count, 1);
-    for (int i = 0; i < peer_count; i++) {
-      fs.FileRead(&file_p, reinterpret_cast<uint8_t*>(&cccd.cccd), sizeof(struct ble_store_value_cccd));
-      ble_store_write_cccd(&cccd.cccd);
-    }
-
-    fs.FileClose(&file_p);
-    fs.FileDelete("/bond.dat");
-  }
-}
diff --git a/src/components/ble/NimbleController.h b/src/components/ble/NimbleController.h
index fecc665..176848d 100644
--- a/src/components/ble/NimbleController.h
+++ b/src/components/ble/NimbleController.h
@@ -67,9 +67,6 @@ namespace Pinetime {
       void DisableRadio();
 
     private:
-      void PersistBond(struct ble_gap_conn_desc& desc);
-      void RestoreBond();
-
       static constexpr const char* deviceName = "InfiniTime";
       Pinetime::System::SystemTask& systemTask;
       Ble& bleController;
author	Michele Bini <michele.bini@gmail.com>	2022-03-24 11:52:51 (GMT)
committer	Michele Bini <michele.bini@gmail.com>	2022-03-24 11:52:51 (GMT)
commit	e78a9401ac707fe75da54fdc6ce6c3aa89032360 (patch)
tree	7e078b0ca8a4f3222197d0e19a038bf4bc187a17 /src/components/ble
parent	3c29183dd22d33928ac62c65a378922d49fa06e9 (diff)