slave request handling

features/FEATURE_BLE/ble/generic/GenericSecurityDb.h

@@ -45,6 +45,7 @@ struct SecurityEntry_t {
 
     uint8_t connected:1;
     uint8_t authenticated:1; /**< have we authenticated during this connection */
+    uint8_t master:1;
 
     uint8_t sign_data:1;
 
@@ -59,6 +60,7 @@ struct SecurityEntry_t {
     uint8_t signing_key:1;
     uint8_t signing_requested:1;
     uint8_t encryption_key:1;
+
 };
 
 struct SecurityEntryKeys_t {

features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp

@@ -258,9 +258,16 @@ public:
 
         entry->signing_requested = enabled;
 
+        if (entry->encrypted) {
+            return BLE_ERROR_INVALID_STATE;
+        }
         if (!entry->signing_key && entry->signing_requested) {
             initSigning();
-            return requestPairing(connection);
+            if (entry->master) {
+                return requestPairing(connection);
+            } else {
+                return slave_security_request(connection);
+            }
         }
 
         return BLE_ERROR_NONE;
@@ -271,6 +278,16 @@ public:
         return BLE_ERROR_NONE;
     }
 
+    virtual ble_error_t slave_security_request(connection_handle_t connection) {
+        SecurityEntry_t *entry = db.get_entry(connection);
+        if (!entry) {
+            return BLE_ERROR_INVALID_PARAM;
+        }
+        AuthenticationMask link_authentication(default_authentication);
+        link_authentication.set_mitm(entry->mitm_requested);
+        return pal.slave_security_request(connection, link_authentication);
+    }
+
     ////////////////////////////////////////////////////////////////////////////
     // Encryption
     //
@@ -382,11 +399,23 @@ public:
     }
 
     virtual ble_error_t enable_encryption(connection_handle_t connection) {
-        db.get_entry_peer_keys(
-            mbed::callback(this, &GenericSecurityManager::enable_encryption_cb),
-            connection
-        );
-        return BLE_ERROR_NONE;
+        SecurityEntry_t *entry = db.get_entry(connection);
+        if (!entry) {
+            return BLE_ERROR_INVALID_PARAM;
+        }
+        if (entry->master) {
+            if (entry->encryption_key) {
+                db.get_entry_peer_keys(
+                    mbed::callback(this, &GenericSecurityManager::enable_encryption_cb),
+                    connection
+                );
+                return BLE_ERROR_NONE;
+            } else {
+                return requestPairing(connection);
+            }
+        } else {
+            return slave_security_request(connection);
+        }
     }
 
     /**
@@ -437,8 +466,10 @@ public:
              * keys exchange will create the signingKey event */
             if (authenticated) {
                 return requestAuthentication(connection);
-            } else {
+            } else if (entry->master) {
                 return requestPairing(connection);
+            } else {
+                return slave_security_request(connection);
             }
         }
     }
@@ -490,7 +521,11 @@ public:
             }
         } else {
             entry->mitm_requested = true;
-            return requestPairing(connection);
+            if (entry->master) {
+                return requestPairing(connection);
+            } else {
+                return slave_security_request(connection);
+            }
         }
     }
 
@@ -570,8 +605,8 @@ private:
     bool legacy_pairing_allowed;
     bool master_sends_keys;
 
-    AuthenticationMask  default_authentication;
-    KeyDistribution     default_key_distribution;
+    AuthenticationMask default_authentication;
+    KeyDistribution default_key_distribution;
 
     /*  implements ble::pal::SecurityManagerEventHandler */
 public: