hint role reversal, set the correct ltk keys

features/FEATURE_BLE/ble/SecurityManager.h

@@ -442,6 +442,18 @@ public:
         return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
     }
 
+    /**
+     * Give a hint to the stack that the master/slave role might change in the future
+     *
+     * @param enable if set to true it hints the roles are likely to swap in the future
+     *
+     * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
+     */
+    virtual ble_error_t setHintFutureRoleReversal(bool enable = true) {
+        (void)enable;
+        return BLE_ERROR_NOT_IMPLEMENTED;
+    }
+
     ////////////////////////////////////////////////////////////////////////////
     // Encryption
     //

features/FEATURE_BLE/ble/pal/PalSecurityManager.h

@@ -381,11 +381,30 @@ public:
         const rand_t rand
     ) = 0;
 
+    /**
+     * If we generated our own key, this lets us store it
+     * ourselves, if we are slave this will be used to encrypt,
+     * otherwise this will be stored to be used in case
+     * of role reversal
+     *
+     * @param connection connection handle
+     * @param ltk key sent to the peer
+     */
     virtual void on_keys_distributed_local_ltk(
         connection_handle_t connection,
         const ltk_t ltk
     ) = 0;
 
+    /**
+     * If we generated our own key, this lets us identify
+     * the stored key, if we are slave that ltk will be
+     * used to encrypt, otherwise this will be stored to
+     * be used in case of role reversal
+     *
+     * @param connection connection handle
+     * @param ediv idenitfies ltk
+     * @param rand idenitfies ltk
+     */
     virtual void on_keys_distributed_local_ediv_rand(
         connection_handle_t connection,
         const ediv_t ediv,
@@ -408,6 +427,10 @@ public:
         const csrk_t csrk
     ) = 0;
 
+    /**
+     * The peer is asking as to encrypt the link, we need to
+     * provide the ltk based on the ediv and rand provided by the other side
+     */
     virtual void on_ltk_request(
         connection_handle_t connection,
         const ediv_t ediv,
@@ -566,10 +589,6 @@ public:
      */
     virtual ble_error_t set_csrk(const csrk_t csrk) = 0;
 
-    virtual ble_error_t generate_irk() = 0;
-
-    virtual ble_error_t generate_csrk() = 0;
-
     ////////////////////////////////////////////////////////////////////////////
     // Authentication
     //

features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp

@@ -111,7 +111,9 @@ public:
     /* get */
     virtual void get_entry_local_keys(
         SecurityEntryKeysDbCb_t cb,
-        connection_handle_t connection
+        connection_handle_t connection,
+        const ediv_t ediv,
+        const rand_t rand
     );
     /* set */
     virtual void set_entry_local_ltk(
@@ -921,6 +923,21 @@ public:
         db.set_entry_peer_ediv_rand(connection, ediv, rand);
     }
 
+    virtual void on_keys_distributed_local_ltk(
+        connection_handle_t connection,
+        const ltk_t ltk
+    ) {
+        db.set_entry_local_ltk(connection, ltk);
+    }
+
+    virtual void on_keys_distributed_local_ediv_rand(
+        connection_handle_t connection,
+        const ediv_t ediv,
+        const rand_t rand
+    ) {
+        db.set_entry_local_ediv_rand(connection, ediv, rand);
+    }
+
     virtual void on_keys_distributed_irk(
         connection_handle_t connection,
         const irk_t irk
@@ -952,14 +969,14 @@ public:
             db.get_entry(connection)->mitm
         );
     }
-
     virtual void on_ltk_request(
         connection_handle_t connection,
         const ediv_t ediv,
         const rand_t rand
     ) {
-        db.get_entry_peer_keys(
+        db.get_entry_local_keys(
             mbed::callback(this, &GenericSecurityManager::set_ltk_cb),
+            connection,
             ediv,
             rand
         );