ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

security db iface draft

pull/6188/head
paul-szczepanek-arm 2018-01-15 08:31:33 +00:00
parent bbe408e82b
commit 145fcc5791
2 changed files with 76 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
features/FEATURE_BLE/ble/pal/PalSecurityManager.h
View File

@ -52,7 +52,7 @@ typedef uint32_t passkey_num_t;
typedef uint8_t key_distribution_t;
enum KeyDistributionFlags_t : uint8_t {
enum KeyDistributionFlags_t {
KEY_DISTRIBUTION_NONE = 0x00,
KEY_DISTRIBUTION_ENCRYPTION = 0x01,
KEY_DISTRIBUTION_IDENTITY = 0x02,
@ -63,7 +63,7 @@ enum KeyDistributionFlags_t : uint8_t {
typedef uint8_t authentication_t;
enum AuthenticationFlags_t : uint8_t {
enum AuthenticationFlags_t {
AUTHENTICATION_BONDING = 0x01,
AUTHENTICATION_MITM = 0x04, /* 0x02 missing because bonding uses two bits */
AUTHENTICATION_SECURE_CONNECTIONS = 0x08,
@ -101,7 +101,7 @@ struct bonded_list_t {
class SecurityManagerEventHandler {
SecurityManagerEventHandler() : _app_event_handler(NULL) { };
virtual void security_setup_initiated(connection_handle_t handle, bool allow_bonding,
bool require_mitm, SecurityManager::SecurityIOCapabilities_t iocaps) {
bool require_mitm, SecurityIOCapabilities_t iocaps) {
if (_app_event_handler) {
_app_event_handler->securitySetupInitiated(handle, allowBonding, requireMITM, iocaps);
}
@ -177,7 +177,7 @@ class SecurityManagerEventHandler {
}
}
virtual void accept_pairing_request(connection_handle_t handle,
SecurityManager::SecurityIOCapabilities_t iocaps,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
@ -360,7 +360,7 @@ public:
/* authentication */
virtual ble_error_t request_pairing(connection_handle_t handle,
SecurityManager::SecurityIOCapabilities_t iocaps,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
@ -376,7 +376,7 @@ public:
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t accept_pairing(connection_handle_t handle,
SecurityManager::SecurityIOCapabilities_t iocaps,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,

83
features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
View File

@ -19,12 +19,57 @@
#include "SecurityManager.h"
#include "PalSecurityManager.h"
#include "Callback.h"
namespace ble {
namespace generic {
using ble::pal::address_t;
using ble::pal::authentication_t;
using ble::pal::key_distribution_t;
using ble::pal::irk_t;
using ble::pal::csrk_t;
using ble::pal::ltk_t;
using ble::pal::ediv_t;
using ble::pal::rand_t;
using SecurityManager::SecurityIOCapabilities_t;
static const uint8_t NUMBER_OFFSET = '0';
struct SecurityEntry_t {
connection_handle_t handle;
address_t identity_address;
irk_t irk;
csrk_t csrk;
ltk_t ltk;
ediv_t ediv;
rand_t rand;
bool mitm;
bool authenticated;
bool connected;
};
class SecurityDB {
public:
SecurityDB() {};
~SecurityDB() {};
void update_entry(SecurityEntry_t*);
void get_entry(Callback<void(SecurityEntry_t*)> cb, ediv_t ediv, rand_t rand);
void get_entry(Callback<void(SecurityEntry_t*)> cb, address_t identity_address);
void get_entry(Callback<void(SecurityEntry_t*)> cb, connection_handle_t handle);
void get_whitelist(Callback<void(Gap::Whitelist_t*)> cb);
void update_whitelist(Gap::Whitelist_t*);
void add_whitelist_entry(address_t);
void remove_whitelist_entry(address_t);
private:
};
class GenericSecurityManagerEventHandler : public ble::pal::SecurityManagerEventHandler {
};
@ -33,13 +78,13 @@ class GenericSecurityManager : public SecurityManager {
public:
virtual ble_error_t init(bool enableBonding = true,
bool requireMITM = true,
SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
const Passkey_t passkey = NULL) {
(void)requireMITM;
SecurityIOCapabilities_t initIocaps = IO_CAPS_NONE,
const Passkey_t defaultPasskey = NULL) {
loadState();
pal.set_io_capabilities(iocaps);
pal.set_bondable(enableBonding);
setPasskey(passkey);
bonding = enableBonding;
mitm = requireMITM;
iocaps = initIocaps;
passkey = defaultPasskey;
return BLE_ERROR_NONE;
}
@ -71,12 +116,12 @@ public:
}
ble_error_t setLinkSecurity(Gap::Handle_t connectionHandle, SecurityMode_t securityMode) {
return pal.set_security_mode(connectionHandle, securityMode);
//return pal.set_security_mode(connectionHandle, securityMode);
}
ble_error_t purgeAllBondingState(void) {
ble::pal::bonded_list_t empty_list = { NULL, 0, 0 };
return pal.set_bonded_list(empty_list);
return pal.clear_bonded_list();
}
ble_error_t getAddressesFromBondTable(Gap::Whitelist_t &addresses) const {
@ -84,7 +129,7 @@ public:
}
ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM = false) {
return pal.set_oob_data_usage(connectionHandle, useOOB, OOBProvidesMITM);
return BLE_ERROR_NONE;
}
ble_error_t preserveBondingStateOnReset(bool enabled) {
@ -107,13 +152,13 @@ public:
void setSecurityManagerEventHandler(SecurityManagerEventHandler* handler) {
SecurityManager::setSecurityManagerEventHandler(handler);
/* handler is always a valid pointer */
pal_event_handler.set_app_event_handler(eventHandler);
palEventHandler.set_app_event_handler(eventHandler);
}
protected:
GenericSecurityManager(ble::pal::SecurityManager& palImpl) : pal(palImpl), saveStateEnabled(false) {
pal_event_handler.set_app_event_handler(&defaultEventHandler);
pal.set_event_handler(&pal_event_handler);
palEventHandler.set_app_event_handler(&defaultEventHandler);
pal.set_event_handler(&palEventHandler);
}
public:
@ -127,8 +172,20 @@ public:
private:
ble::pal::SecurityManager& pal;
GenericSecurityManagerEventHandler pal_event_handler;
GenericSecurityManagerEventHandler palEventHandler;
bool saveStateEnabled;
SecurityIOCapabilities_t iocaps;
Passkey_t passkey;
bool mitm;
bool bonding;
bool useOob;
authentication_t authentication;
uint8_t minKeySize;
uint8_t maxKeySize;
key_distribution_t initiatorDist;
key_distribution_t responderDist;
};
} /* namespace generic */