From 1cd09e2b8dc4eb309c9955ddf7544b1cb0ce2cfd Mon Sep 17 00:00:00 2001
From: schneider <schneider@blinkenlichts.net>
Date: Thu, 4 Jun 2020 00:27:12 +0200
Subject: [PATCH] fix(ble): Actually require a MITM protected connection

Not that it really matters much at the moment as we allow bondings at
any point in time, but this will hopefully change soon.
---
 epicardium/ble/ble_main.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/epicardium/ble/ble_main.c b/epicardium/ble/ble_main.c
index dfbc96339..bcbfa000f 100644
--- a/epicardium/ble/ble_main.c
+++ b/epicardium/ble/ble_main.c
@@ -87,11 +87,11 @@ static const appSlaveCfg_t bleSlaveCfg =
 /*! configurable parameters for security */
 static const appSecCfg_t bleSecCfg =
 {
-  DM_AUTH_BOND_FLAG | DM_AUTH_SC_FLAG,    /*! Authentication and bonding flags */
-  0,                                      /*! Initiator key distribution flags */
-  DM_KEY_DIST_LTK,                        /*! Responder key distribution flags */
-  FALSE,                                  /*! TRUE if Out-of-band pairing data is present */
-  TRUE                                    /*! TRUE to initiate security upon connection */
+  .auth = DM_AUTH_MITM_FLAG | DM_AUTH_BOND_FLAG | DM_AUTH_SC_FLAG, /*! Authentication and bonding flags */
+  .iKeyDist = 0,                               /*! Initiator key distribution flags */
+  .rKeyDist = DM_KEY_DIST_LTK,                 /*! Responder key distribution flags */
+  .oob=FALSE,                                  /*! TRUE if Out-of-band pairing data is present */
+  .initiateSec = TRUE                          /*! TRUE to initiate security upon connection */
 };
 
 /*! configurable parameters for connection parameter update */
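Review bot: The comment on `.auth` in `bleSecCfg` still reads only "Authentication and bonding flags", so nothing records that `DM_AUTH_MITM_FLAG` is now intentional or that it presumably has to agree with `bleSmpCfg.auth` in the second hunk. I would add a line above the initializer such as `/* Request MITM + SC on every pairing; keep in step with bleSmpCfg.auth */`, so a later edit does not quietly drop one of the two. As a style nit, `.oob=FALSE` is the only designated initializer without spaces around `=`; `.oob = FALSE,` would match its neighbours.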
@@ -118,15 +118,15 @@ static const basCfg_t bleBasCfg =
 /*! SMP security parameter configuration */
 static const smpCfg_t bleSmpCfg =
 {
-  3000,                                   /*! 'Repeated attempts' timeout in msec */
-  SMP_IO_DISP_YES_NO,                     /*! I/O Capability */
-  7,                                      /*! Minimum encryption key length */
-  16,                                     /*! Maximum encryption key length */
-  3,                                      /*! Attempts to trigger 'repeated attempts' timeout */
-  DM_AUTH_MITM_FLAG,                      /*! Device authentication requirements */
-  64000,                                  /*! Maximum 'Repeated attempts' timeout in msec */
-  64000,                                  /*! Time msec before attemptExp decreases */
-  2,                                      /*! Exponent to raise attemptTimeout on maxAttempts */
+  .attemptTimeout = 3000,                          /*! 'Repeated attempts' timeout in msec */
+  .ioCap = SMP_IO_DISP_YES_NO,                     /*! I/O Capability */
+  .minKeyLen = 16,                                 /*! Minimum encryption key length */
+  .maxKeyLen = 16,                                 /*! Maximum encryption key length */
+  .maxAttempts = 3,                                /*! Attempts to trigger 'repeated attempts' timeout */
+  .auth = DM_AUTH_MITM_FLAG | DM_AUTH_SC_FLAG,     /*! Device authentication requirements */
+  .maxAttemptTimeout = 64000,                      /*! Maximum 'Repeated attempts' timeout in msec */
+  .attemptDecTimeout = 64000,                      /*! Time msec before attemptExp decreases */
+  .attemptExp = 2,                                 /*! Exponent to raise attemptTimeout on maxAttempts */
 };
 
 /* Configuration structure */
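Review bot: In `bleSmpCfg`, `.minKeyLen` is raised from 7 to 16 and `DM_AUTH_SC_FLAG` is added to `.auth`, but the commit message mentions only MITM protection, so these two policy changes are undocumented. Both tighten what a peer must negotiate, which deserves a sentence in the description and a why-comment such as `/* equal to maxKeyLen: refuse encryption key size reduction */` on the `.minKeyLen` line. Bonds stored before this change were created under the older, weaker settings. The hunk does not show whether a stored key's security level or length is re-checked on reconnect. If it is not, existing bonds should be cleared or re-validated when this ships, otherwise previously paired peers may keep reconnecting under the old policy.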
-- 
GitLab