Cordio: Implement missing functions for secure connection

features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h

@@ -20,6 +20,8 @@
 #include "ble/pal/PalSecurityManager.h"
 #include "wsf_types.h"
 #include "wsf_os.h"
+#include "sec_api.h"
+#include "smp_defs.h"
 
 namespace ble {
 namespace pal {
@@ -83,16 +85,42 @@ public:
     virtual ble_error_t clear_resolving_list();
 
     ////////////////////////////////////////////////////////////////////////////
-    // Feature support
+    // Pairing
     //
 
     /**
-     * @see ::ble::pal::SecurityManager::set_secure_connections_support
+     * @see ::ble::pal::SecurityManager::send_pairing_request
      */
-    virtual ble_error_t set_secure_connections_support(
-        bool enabled, bool secure_connections_only = false
+    virtual ble_error_t send_pairing_request(
+        connection_handle_t connection,
+        bool oob_data_flag,
+        AuthenticationMask authentication_requirements,
+        KeyDistribution initiator_dist,
+        KeyDistribution responder_dist
     );
 
+    /**
+     * @see ::ble::pal::SecurityManager::send_pairing_response
+     */
+    virtual ble_error_t send_pairing_response(
+        connection_handle_t connection,
+        bool oob_data_flag,
+        AuthenticationMask authentication_requirements,
+        KeyDistribution initiator_dist,
+        KeyDistribution responder_dist
+    );
+
+    /**
+     * @see ::ble::pal::SecurityManager::cancel_pairing
+     */
+    virtual ble_error_t cancel_pairing(
+        connection_handle_t connection, pairing_failure_t reason
+    );
+
+    ////////////////////////////////////////////////////////////////////////////
+    // Feature support
+    //
+
     /**
      * @see ::ble::pal::SecurityManager::get_secure_connections_support
      */
@@ -100,6 +128,11 @@ public:
         bool &enabled
     );
 
+    /**
+     * @see ::ble::pal::SecurityManager::set_io_capability
+     */
+    virtual ble_error_t set_io_capability(io_capability_t io_capability);
+
     ////////////////////////////////////////////////////////////////////////////
     // Security settings
     //
@@ -118,6 +151,17 @@ public:
         connection_handle_t, uint16_t &timeout_in_10ms
     );
 
+    /**
+     * @see ::ble::pal::SecurityManager::set_encryption_key_requirements
+     */
+    virtual ble_error_t set_encryption_key_requirements(
+        uint8_t min_encryption_key_size,
+        uint8_t max_encryption_key_size
+    );
+
+    /**
+     * @see ::ble::pal::SecurityManager::slave_security_request
+     */
     virtual ble_error_t slave_security_request(
         connection_handle_t connection,
         AuthenticationMask authentication
@@ -195,61 +239,10 @@ public:
      */
     virtual ble_error_t set_csrk(const csrk_t &csrk);
 
-    ////////////////////////////////////////////////////////////////////////////
-    // Global parameters
-    //
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_display_passkey
-     */
-    virtual ble_error_t set_display_passkey(passkey_num_t passkey);
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_io_capability
-     */
-    virtual ble_error_t set_io_capability(io_capability_t io_capability);
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_encryption_key_requirements
-     */
-    virtual ble_error_t set_encryption_key_requirements(
-        uint8_t min_encryption_key_size,
-        uint8_t max_encryption_key_size
-    );
-
     ////////////////////////////////////////////////////////////////////////////
     // Authentication
     //
 
-    /**
-     * @see ::ble::pal::SecurityManager::send_pairing_request
-     */
-    virtual ble_error_t send_pairing_request(
-        connection_handle_t connection,
-        bool oob_data_flag,
-        AuthenticationMask authentication_requirements,
-        KeyDistribution initiator_dist,
-        KeyDistribution responder_dist
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::send_pairing_response
-     */
-    virtual ble_error_t send_pairing_response(
-        connection_handle_t connection,
-        bool oob_data_flag,
-        AuthenticationMask authentication_requirements,
-        KeyDistribution initiator_dist,
-        KeyDistribution responder_dist
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::cancel_pairing
-     */
-    virtual ble_error_t cancel_pairing(
-        connection_handle_t connection, pairing_failure_t reason
-    );
-
     /**
      * @see ::ble::pal::SecurityManager::get_random_data
      */
@@ -259,6 +252,11 @@ public:
     // MITM
     //
 
+    /**
+     * @see ::ble::pal::SecurityManager::set_display_passkey
+     */
+    virtual ble_error_t set_display_passkey(passkey_num_t passkey);
+
     /**
      * @see ::ble::pal::SecurityManager::passkey_request_reply
      */
@@ -267,6 +265,16 @@ public:
         passkey_num_t passkey
     );
 
+    /**
+     * @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply
+     */
+    virtual ble_error_t secure_connections_oob_request_reply(
+        connection_handle_t connection,
+        const oob_lesc_value_t &local_random,
+        const oob_lesc_value_t &peer_random,
+        const oob_confirm_t &peer_confirm
+    );
+
     /**
      * @see ::ble::pal::SecurityManager::legacy_pairing_oob_request_reply
      */
@@ -296,16 +304,6 @@ public:
         connection_handle_t connection
     );
 
-    /**
-     * @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply
-     */
-    virtual ble_error_t secure_connections_oob_request_reply(
-        connection_handle_t connection,
-        const oob_lesc_value_t &local_random,
-        const oob_lesc_value_t &peer_random,
-        const oob_confirm_t &peer_confirm
-    );
-
     // singleton of the ARM Cordio Security Manager
     static CordioSecurityManager &get_security_manager();
 
@@ -315,6 +313,8 @@ public:
 private:
     bool _use_default_passkey;
     passkey_num_t _default_passkey;
+    bool _lesc_keys_generated;
+    uint8_t _public_key_x[SEC_ECC_KEY_LEN];
 };
 
 } // cordio

features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp

@@ -14,6 +14,8 @@
  * limitations under the License.
  */
 
+#include <string.h>
+
 #include "CordioPalSecurityManager.h"
 #include "dm_api.h"
 #include "smp_api.h"
@@ -27,7 +29,9 @@ namespace cordio {
 CordioSecurityManager::CordioSecurityManager() :
     ::ble::pal::SecurityManager(),
     _use_default_passkey(false),
-    _default_passkey(0)
+    _default_passkey(0),
+    _lesc_keys_generated(false),
+    _public_key_x()
 {
 
 }
@@ -43,6 +47,17 @@ CordioSecurityManager::~CordioSecurityManager()
 
 ble_error_t CordioSecurityManager::initialize()
 {
+    // reset local state
+    _use_default_passkey = false;
+    _default_passkey = 0;
+    _lesc_keys_generated = false;
+
+#if 0
+    // FIXME: need help from the stack or local calculation
+    // generate a new set of keys
+    DmSecGenerateEccKeyReq();
+#endif
+
     return BLE_ERROR_NONE;
 }
 
@@ -53,6 +68,7 @@ ble_error_t CordioSecurityManager::terminate()
 
 ble_error_t CordioSecurityManager::reset()
 {
+    initialize();
     return BLE_ERROR_NONE;
 }
 
@@ -93,6 +109,8 @@ ble_error_t CordioSecurityManager::clear_resolving_list()
 // Feature support
 //
 
+// FIXME: Enable when new function available in the pal.
+#if 0
 ble_error_t CordioSecurityManager::set_secure_connections_support(
     bool enabled, bool secure_connections_only
 ) {
@@ -104,6 +122,7 @@ ble_error_t CordioSecurityManager::set_secure_connections_support(
     }
     return BLE_ERROR_NONE;
 }
+#endif
 
 ble_error_t CordioSecurityManager::get_secure_connections_support(
     bool &enabled
@@ -253,12 +272,6 @@ ble_error_t CordioSecurityManager::set_csrk(const csrk_t& csrk)
     return BLE_ERROR_NONE;
 }
 
-ble_error_t CordioSecurityManager::generate_public_key()
-{
-    // FIXME
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
 ////////////////////////////////////////////////////////////////////////////
 // Global parameters
 //
@@ -380,8 +393,8 @@ ble_error_t CordioSecurityManager::legacy_pairing_oob_request_reply(
 ble_error_t CordioSecurityManager::confirmation_entered(
     connection_handle_t connection, bool confirmation
 ) {
-    // FIXME:
-    return BLE_ERROR_NOT_IMPLEMENTED;
+    DmSecCompareRsp(connection, confirmation);
+    return BLE_ERROR_NONE;
 }
 
 // FIXME: remove when declaration from the stack is available
@@ -397,6 +410,13 @@ ble_error_t CordioSecurityManager::send_keypress_notification(
 ble_error_t CordioSecurityManager::generate_secure_connections_oob(
     connection_handle_t connection
 ) {
+    // Note: this is not tie to a connection; only one oob value is present in
+    // the pal.
+
+    uint8_t oobLocalRandom[SMP_RAND_LEN];
+    SecRand(oobLocalRandom, SMP_RAND_LEN);
+    DmSecCalcOobReq(oobLocalRandom, _public_key_x);
+
     return BLE_ERROR_NOT_IMPLEMENTED;
 }
 
@@ -406,7 +426,18 @@ ble_error_t CordioSecurityManager::secure_connections_oob_request_reply(
     const oob_lesc_value_t &peer_random,
     const oob_confirm_t &peer_confirm
 ) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
+    dmSecLescOobCfg_t oob_config = { 0 };
+
+    memcpy(oob_config.localRandom, local_random.data(), local_random.size());
+    // FIXME:
+    // memcpy(oob_config.localConfirm, ?, ?);
+    memcpy(oob_config.peerRandom, peer_random.data(), peer_random.size());
+    memcpy(oob_config.peerConfirm, peer_confirm.data(), peer_confirm.size());
+
+    DmSecSetOob(connection, &oob_config);
+    DmSecAuthRsp(connection, 0, NULL);
+
+    return BLE_ERROR_NONE;
 }
 
 CordioSecurityManager& CordioSecurityManager::get_security_manager()
@@ -416,8 +447,8 @@ CordioSecurityManager& CordioSecurityManager::get_security_manager()
 }
 
 bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
-    SecurityManager::EventHandler* handler =
-        get_security_manager().get_event_handler();
+    CordioSecurityManager& self = get_security_manager();
+    SecurityManager::EventHandler* handler = self.get_event_handler();
 
     if ((msg == NULL) || (handler == NULL)) {
         return false;
@@ -479,6 +510,11 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
             connection_handle_t connection = evt->hdr.param;
 
             if (evt->oob) {
+                // FIXME: Nothing in the API indicates if smp or sc OOB are
+                // requested.
+                // To set secure connection OOB:
+                //   - DmSecSetOob(connection, oob_data)
+                //   - DmSecAuthRsp(connection, 0, NULL)
                 handler->on_legacy_pairing_oob_request(connection);
             } else if (evt->display) {
                 if (get_security_manager()._use_default_passkey) {
@@ -602,18 +638,36 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
             return true;
         }
 
-        case DM_SEC_CALC_OOB_IND:
+        case DM_SEC_CALC_OOB_IND: {
+            dmSecOobCalcIndEvt_t* evt = (dmSecOobCalcIndEvt_t*) msg;
+            handler->on_secure_connections_oob_generated(
+                evt->hdr.param,
+                evt->random,
+                evt->confirm
+            );
             return true;
+        }
 
-        case DM_SEC_ECC_KEY_IND:
+        case DM_SEC_ECC_KEY_IND: {
+            secEccMsg_t* evt = (secEccMsg_t*) msg;
+            DmSecSetEccKey(&evt->data.key);
+            memcpy(self._public_key_x, evt->data.key.pubKey_x, sizeof(_public_key_x));
+            self._lesc_keys_generated = true;
             return true;
+        }
 
-        case DM_SEC_COMPARE_IND:
+        case DM_SEC_COMPARE_IND: {
+            dmSecCnfIndEvt_t* evt = (dmSecCnfIndEvt_t*) msg;
+            handler->on_passkey_display(
+                /* connection */ evt->hdr.param,
+                DmSecGetCompareValue(evt->confirm)
+            );
+            handler->on_confirmation_request(/* connection */ evt->hdr.param);
             return true;
+        }
 
         case DM_SEC_KEYPRESS_IND: {
             dmSecKeypressIndEvt_t* evt = (dmSecKeypressIndEvt_t*) msg;
-
             handler->on_keypress_notification(
                 /* connection */ evt->hdr.param,
                 (Keypress_t) evt->notificationType