ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix signing permissions

pull/9864/head
paul-szczepanek-arm 2019-03-01 11:58:52 +00:00
parent e247852043
commit 34ef17370b
3 changed files with 55 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.tpp
View File

@ -365,7 +365,7 @@ ble_error_t CordioSecurityManager<EventHandler>::set_peer_csrk_(
} }
} }
AttsSetCsrk(connection, _peer_csrks[connection_index]->data()); AttsSetCsrk(connection, _peer_csrks[connection_index]->data(), authenticated);
AttsSetSignCounter(connection, sign_counter); AttsSetSignCounter(connection, sign_counter);
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
@ -384,7 +384,7 @@ ble_error_t CordioSecurityManager<EventHandler>::remove_peer_csrk_(connection_ha
_peer_csrks[connection_index] = NULL; _peer_csrks[connection_index] = NULL;
} }
AttsSetCsrk(connection, NULL); AttsSetCsrk(connection, NULL, false);
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }

3
features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/include/att_api.h
View File

@ -771,11 +771,12 @@ void AttsContinueWriteReq(dmConnId_t connId, uint16_t handle, uint8_t status);
* *
* \param connId DM connection ID. * \param connId DM connection ID.
* \param pCsrk Pointer to data signing key (CSRK). * \param pCsrk Pointer to data signing key (CSRK).
* \param authenticated True if CSRK is authenticated and false otherwise.
* *
* \return None. * \return None.
*/ */
/*************************************************************************************************/ /*************************************************************************************************/
void AttsSetCsrk(dmConnId_t connId, uint8_t *pCsrk); void AttsSetCsrk(dmConnId_t connId, uint8_t *pCsrk, bool_t authenticated);
/*************************************************************************************************/ /*************************************************************************************************/
/*! /*!

43
features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/att/atts_sign.c
View File

@ -57,6 +57,7 @@ typedef struct
uint32_t signCounter; /* sign counter for this connection */ uint32_t signCounter; /* sign counter for this connection */
uint8_t *pCsrk; /* signing key for this connection */ uint8_t *pCsrk; /* signing key for this connection */
attsSignBuf_t *pBuf; /* current data being processed */ attsSignBuf_t *pBuf; /* current data being processed */
bool_t authenticated; /* Indicate if the CSRK is authenticated or not */
} attsSignCcb_t; } attsSignCcb_t;
/* ATTS signed PDU control block */ /* ATTS signed PDU control block */
@ -160,30 +161,47 @@ static void attsProcSignedWrite(attCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
/* find attribute */ /* find attribute */
if ((pAttr = attsFindByHandle(handle, &pGroup)) != NULL) if ((pAttr = attsFindByHandle(handle, &pGroup)) != NULL)
{ {
/* verify permissions */
if (attsPermissions(pCcb->connId, ATTS_PERMIT_WRITE, handle, pAttr->permissions) != ATT_SUCCESS)
{
return;
}
/* verify signed write is permitted */ /* verify signed write is permitted */
else if ((pAttr->settings & ATTS_SET_ALLOW_SIGNED) == 0) if ((pAttr->settings & ATTS_SET_ALLOW_SIGNED) == 0)
{ {
return; return;
} }
/* verify that csrk is present */
if (attsSignCcbByConnId(pCcb->connId)->pCsrk == NULL) {
return;
}
/* verify basic permissions */
if ((pAttr->permissions & (ATTS_PERMIT_WRITE | ATTS_PERMIT_WRITE_ENC)) == 0)
{
return;
}
/* verify authentication */
if ((pAttr->permissions & ATTS_PERMIT_WRITE_AUTH) &&
(attsSignCcbByConnId(pCcb->connId)->authenticated == 0))
{
return;
}
/* Note: authorization not verified at this stage as it is reserved for lesc
writes; authorization occurs latter when the write cb is called */
/* verify write length, fixed length */ /* verify write length, fixed length */
else if (((pAttr->settings & ATTS_SET_VARIABLE_LEN) == 0) && if (((pAttr->settings & ATTS_SET_VARIABLE_LEN) == 0) &&
(writeLen != pAttr->maxLen)) (writeLen != pAttr->maxLen))
{ {
return; return;
} }
/* verify write length, variable length */ /* verify write length, variable length */
else if (((pAttr->settings & ATTS_SET_VARIABLE_LEN) != 0) && if (((pAttr->settings & ATTS_SET_VARIABLE_LEN) != 0) &&
(writeLen > pAttr->maxLen)) (writeLen > pAttr->maxLen))
{ {
return; return;
} }
else
{
/* allocate buffer to store packet and parameters */ /* allocate buffer to store packet and parameters */
if ((pBuf = WsfBufAlloc(sizeof(attsSignBuf_t) - 1 + len)) != NULL) if ((pBuf = WsfBufAlloc(sizeof(attsSignBuf_t) - 1 + len)) != NULL)
{ {
@ -210,7 +228,6 @@ static void attsProcSignedWrite(attCcb_t *pCcb, uint16_t len, uint8_t *pPacket)
} }
} }
} }
}
/*************************************************************************************************/ /*************************************************************************************************/
/*! /*!
@ -336,13 +353,15 @@ void AttsSignInit(void)
* *
* \param connId DM connection ID. * \param connId DM connection ID.
* \param pCsrk Pointer to data signing key (CSRK). * \param pCsrk Pointer to data signing key (CSRK).
* \param authenticated True if CSRK is authenticated and false otherwise.
* *
* \return None. * \return None.
*/ */
/*************************************************************************************************/ /*************************************************************************************************/
void AttsSetCsrk(dmConnId_t connId, uint8_t *pCsrk) void AttsSetCsrk(dmConnId_t connId, uint8_t *pCsrk, bool_t authenticated)
{ {
attsSignCcbByConnId(connId)->pCsrk = pCsrk; attsSignCcbByConnId(connId)->pCsrk = pCsrk;
attsSignCcbByConnId(connId)->authenticated = authenticated;
} }
/*************************************************************************************************/ /*************************************************************************************************/