Skip to content

Commit d79b9c6

Browse files
jimmodpgeorge
jimmo
authored and
dpgeorge
committed
extmod/nimble: Generate and persist a unique IRK.
This provides a workaround for apache/mynewt-nimble#887. Without this, all devices would share a fixed default IRK. Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
1 parent 68136eb commit d79b9c6

File tree

1 file changed

+58
-0
lines changed

1 file changed

+58
-0
lines changed

extmod/nimble/modbluetooth_nimble.c

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -189,6 +189,59 @@ STATIC void set_random_address(bool nrpa) {
189189
assert(rc == 0);
190190
}
191191

192+
#if MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDING
193+
// For ble_hs_pvcy_set_our_irk
194+
#include "nimble/host/src/ble_hs_pvcy_priv.h"
195+
// For ble_hs_hci_util_rand
196+
#include "nimble/host/src/ble_hs_hci_priv.h"
197+
// For ble_hs_misc_restore_irks
198+
#include "nimble/host/src/ble_hs_priv.h"
199+
200+
// Must be distinct to BLE_STORE_OBJ_TYPE_ in ble_store.h.
201+
#define SECRET_TYPE_OUR_IRK 10
202+
203+
STATIC int load_irk(void) {
204+
// NimBLE unconditionally loads a fixed IRK on startup.
205+
// See https://github.com/apache/mynewt-nimble/issues/887
206+
207+
// Dummy key to use for the store.
208+
// Technically the secret type is enough as there will only be
209+
// one IRK so the key doesn't matter, but a NULL (None) key means "search".
210+
const uint8_t key[3] = {'i', 'r', 'k'};
211+
212+
int rc;
213+
const uint8_t *irk;
214+
size_t irk_len;
215+
if (mp_bluetooth_gap_on_get_secret(SECRET_TYPE_OUR_IRK, 0, key, sizeof(key), &irk, &irk_len) && irk_len == 16) {
216+
DEBUG_printf("load_irk: Applying IRK from store.\n");
217+
rc = ble_hs_pvcy_set_our_irk(irk);
218+
if (rc) {
219+
return rc;
220+
}
221+
} else {
222+
DEBUG_printf("load_irk: Generating new IRK.\n");
223+
uint8_t rand_irk[16];
224+
rc = ble_hs_hci_util_rand(rand_irk, 16);
225+
if (rc) {
226+
return rc;
227+
}
228+
DEBUG_printf("load_irk: Saving new IRK.\n");
229+
if (!mp_bluetooth_gap_on_set_secret(SECRET_TYPE_OUR_IRK, key, sizeof(key), rand_irk, 16)) {
230+
return BLE_HS_EINVAL;
231+
}
232+
DEBUG_printf("load_irk: Applying new IRK.\n");
233+
rc = ble_hs_pvcy_set_our_irk(rand_irk);
234+
if (rc) {
235+
return rc;
236+
}
237+
}
238+
239+
// Loading an IRK will clear all peer IRKs, so reload them from the store.
240+
rc = ble_hs_misc_restore_irks();
241+
return rc;
242+
}
243+
#endif
244+
192245
STATIC void sync_cb(void) {
193246
int rc;
194247
(void)rc;
@@ -199,6 +252,11 @@ STATIC void sync_cb(void) {
199252
return;
200253
}
201254

255+
#if MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDING
256+
rc = load_irk();
257+
assert(rc == 0);
258+
#endif
259+
202260
if (has_public_address()) {
203261
nimble_address_mode = BLE_OWN_ADDR_PUBLIC;
204262
} else {

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy