io caps and key size now stored by stack, secured cahgned to encrypted, moved passkey classes to pal

2018-01-18 17:40:08 +00:00 · 2018-01-18 17:40:08 +00:00 · 021a1fdf76
parent 82c0847ab8
commit 021a1fdf76
2 changed files with 63 additions and 65 deletions
--- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
+++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
@ -44,6 +44,51 @@ typedef uint8_t rand_t[2];
 typedef uint8_t random_data_t[8];
 typedef uint32_t passkey_num_t;

+class PasskeyNum {
+public:
+    PasskeyNum() : number(0) { }
+    PasskeyNum(uint32_t num) : number(num) { }
+    operator uint32_t() {
+        return number;
+    }
+    uint32_t number;
+};
+
+class PasskeyAsci {
+public:
+    static const uint8_t NUMBER_OFFSET = '0';
+
+    PasskeyAsci(const uint8_t* passkey) {
+        if (passkey) {
+            memcpy(asci, passkey, SecurityManager::PASSKEY_LEN);
+        } else {
+            memset(asci, NUMBER_OFFSET, SecurityManager::PASSKEY_LEN);
+        }
+    }
+    PasskeyAsci() {
+        memset(asci, NUMBER_OFFSET, SecurityManager::PASSKEY_LEN);
+    }
+    PasskeyAsci(const PasskeyNum& passkey) {
+        for (size_t i = 5, m = 100000; i >= 0; --i, m /= 10) {
+            uint32_t result = passkey.number / m;
+            asci[i] = NUMBER_OFFSET + result;
+            passkey.number -= result;
+        }
+    }
+    operator PasskeyNum() {
+        return PasskeyNum(to_num(asci));
+    }
+
+    static uint32_t to_num(const uint8_t* asci) {
+        uint32_t passkey = 0;
+        for (size_t i = 0, m = 1; i < SecurityManager::PASSKEY_LEN; ++i, m *= 10) {
+            passkey += (asci[i] - NUMBER_OFFSET) * m;
+        }
+        return passkey;
+    }
+    uint8_t asci[SecurityManager::PASSKEY_LEN];
+};
+
 class KeyDistribution {
 public:
    enum KeyDistributionFlags_t {
@ -242,13 +287,11 @@ public:
    //

    /**
-     * To indicate that the link with the peer is secured. For bonded devices,
-     * subsequent reconnections with a bonded peer will result only in this callback
-     * when the link is secured; setup procedures will not occur (unless the
-     * bonding information is either lost or deleted on either or both sides).
+     * reports change of encryption status or result of encryption request
     */
-    virtual void on_link_secured(
-        connection_handle_t connection, SecurityManager::SecurityMode_t security_mode
+    virtual void on_link_encryption_result(
+        connection_handle_t connection,
+        bool encrypted
    ) = 0;

    /**
@ -266,7 +309,8 @@ public:
     * Called when the application should display a passkey.
     */
    virtual void on_passkey_display(
-        connection_handle_t connection, const passkey_num_t passkey
+        connection_handle_t connection,
+        const passkey_num_t passkey
    ) = 0;

    /**
@ -426,9 +470,12 @@ public:

    virtual ble_error_t get_secure_connections_support(bool &enabled) = 0;

+    virtual ble_error_t set_io_capability(io_capability_t io_capability) = 0;
+
    ////////////////////////////////////////////////////////////////////////////
    // Security settings
    //
+
    virtual ble_error_t set_authentication_timeout(
        connection_handle_t, uint16_t timeout_in_10ms
    ) = 0;
@ -437,6 +484,11 @@ public:
        connection_handle_t, uint16_t &timeout_in_10ms
    ) = 0;

+    virtual ble_error_t set_encryption_key_requirements(
+        uint16_t min_encryption_key_bitsize,
+        uint16_t max_encryption_key_bitsize
+    ) = 0;
+
    ////////////////////////////////////////////////////////////////////////////
    // Encryption
    //
@ -445,10 +497,6 @@ public:

    virtual ble_error_t disable_encryption(connection_handle_t connection) = 0;

-    virtual ble_error_t get_encryption_status(
-        connection_handle_t connection, LinkSecurityStatus_t &status
-    ) = 0;
-
    virtual ble_error_t get_encryption_key_size(
        connection_handle_t, uint8_t &bitsize
    ) = 0;
@ -492,10 +540,8 @@ public:
     */
    virtual ble_error_t send_pairing_request(
        connection_handle_t connection,
-        io_capability_t io_capability,
        bool oob_data_flag,
        AuthenticationMask authentication_requirements,
-        uint8_t maximum_encryption_key_size,
        KeyDistribution initiator_dist,
        KeyDistribution responder_dist
    );
@ -507,10 +553,8 @@ public:
     */
    virtual ble_error_t send_pairing_response(
        connection_handle_t connection,
-        io_capability_t io_capability,
        bool oob_data_flag,
        AuthenticationMask authentication_requirements,
-        uint8_t maximum_encryption_key_size,
        KeyDistribution initiator_dist,
        KeyDistribution responder_dist
    ) = 0;
@ -538,6 +582,8 @@ public:
    // MITM
    //

+    virtual void set_display_passkey(const passkey_num_t passkey) = 0;
+
    /**
     * Reply to a passkey request received from the SecurityManagerEventHandler.
     */
@ -552,7 +598,6 @@ public:
        connection_handle_t connection, const oob_data_t& oob_data
    ) = 0;

-
    virtual ble_error_t confirmation_entered(
        connection_handle_t connection, bool confirmation
    ) = 0;
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@ -37,53 +37,10 @@ using ble::pal::AuthenticationMask::AuthenticationFlags_t;
 using ble::pal::AuthenticationMask;
 using ble::pal::KeyDistribution;
 using ble::pairing_failure_t;
+using ble::PasskeyAsci;
+using ble::PasskeyNum;
 typedef SecurityManager::SecurityIOCapabilities_t SecurityIOCapabilities_t;

-class PasskeyNum {
-public:
-    PasskeyNum() : number(0) { }
-    PasskeyNum(uint32_t num) : number(num) { }
-    operator uint32_t() {
-        return number;
-    }
-    uint32_t number;
-};
-
-class PasskeyAsci {
-public:
-    static const uint8_t NUMBER_OFFSET = '0';
-
-    PasskeyAsci(const uint8_t* passkey) {
-        if (passkey) {
-            memcpy(asci, passkey, SecurityManager::PASSKEY_LEN);
-        } else {
-            memset(asci, NUMBER_OFFSET, SecurityManager::PASSKEY_LEN);
-        }
-    }
-    PasskeyAsci() {
-        memset(asci, NUMBER_OFFSET, SecurityManager::PASSKEY_LEN);
-    }
-    PasskeyAsci(const PasskeyNum& passkey) {
-        for (size_t i = 5, m = 100000; i >= 0; --i, m /= 10) {
-            uint32_t result = passkey.number / m;
-            asci[i] = NUMBER_OFFSET + result;
-            passkey.number -= result;
-        }
-    }
-    operator PasskeyNum() {
-        return PasskeyNum(to_num(asci));
-    }
-
-    static uint32_t to_num(const uint8_t* asci) {
-        uint32_t passkey = 0;
-        for (size_t i = 0, m = 1; i < SecurityManager::PASSKEY_LEN; ++i, m *= 10) {
-            passkey += (asci[i] - NUMBER_OFFSET) * m;
-        }
-        return passkey;
-    }
-    uint8_t asci[SecurityManager::PASSKEY_LEN];
-};
-
 /* separate structs to allow db implementation to minimise memory usage */

 struct SecurityEntry_t {
@ -466,8 +423,6 @@ protected:
          pairing_authorisation_required(false),
          legacy_pairing_allowed(true),
          authentication(0),
-          min_key_size(0),
-          max_key_size(128),
          initiator_dist(0),
          responder_dist(0) {
        _app_event_handler = &defaultEventHandler;
@ -485,8 +440,6 @@ private:
    bool legacy_pairing_allowed;

    AuthenticationMask  authentication;
-    uint8_t             min_key_size;
-    uint8_t             max_key_size;
    KeyDistribution     initiator_dist;
    KeyDistribution     responder_dist;