diff --git a/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h b/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h index d8fb104990..458f20311c 100644 --- a/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h +++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h @@ -20,6 +20,8 @@ #include "ble/pal/PalSecurityManager.h" #include "wsf_types.h" #include "wsf_os.h" +#include "sec_api.h" +#include "smp_defs.h" namespace ble { namespace pal { @@ -83,16 +85,42 @@ public: virtual ble_error_t clear_resolving_list(); //////////////////////////////////////////////////////////////////////////// - // Feature support + // Pairing // /** - * @see ::ble::pal::SecurityManager::set_secure_connections_support + * @see ::ble::pal::SecurityManager::send_pairing_request */ - virtual ble_error_t set_secure_connections_support( - bool enabled, bool secure_connections_only = false + virtual ble_error_t send_pairing_request( + connection_handle_t connection, + bool oob_data_flag, + AuthenticationMask authentication_requirements, + KeyDistribution initiator_dist, + KeyDistribution responder_dist ); + /** + * @see ::ble::pal::SecurityManager::send_pairing_response + */ + virtual ble_error_t send_pairing_response( + connection_handle_t connection, + bool oob_data_flag, + AuthenticationMask authentication_requirements, + KeyDistribution initiator_dist, + KeyDistribution responder_dist + ); + + /** + * @see ::ble::pal::SecurityManager::cancel_pairing + */ + virtual ble_error_t cancel_pairing( + connection_handle_t connection, pairing_failure_t reason + ); + + //////////////////////////////////////////////////////////////////////////// + // Feature support + // + /** * @see ::ble::pal::SecurityManager::get_secure_connections_support */ @@ -100,6 +128,11 @@ public: bool &enabled ); + /** + * @see ::ble::pal::SecurityManager::set_io_capability + */ + virtual ble_error_t set_io_capability(io_capability_t io_capability); + //////////////////////////////////////////////////////////////////////////// // Security settings // @@ -118,6 +151,17 @@ public: connection_handle_t, uint16_t &timeout_in_10ms ); + /** + * @see ::ble::pal::SecurityManager::set_encryption_key_requirements + */ + virtual ble_error_t set_encryption_key_requirements( + uint8_t min_encryption_key_size, + uint8_t max_encryption_key_size + ); + + /** + * @see ::ble::pal::SecurityManager::slave_security_request + */ virtual ble_error_t slave_security_request( connection_handle_t connection, AuthenticationMask authentication @@ -195,61 +239,10 @@ public: */ virtual ble_error_t set_csrk(const csrk_t &csrk); - //////////////////////////////////////////////////////////////////////////// - // Global parameters - // - - /** - * @see ::ble::pal::SecurityManager::set_display_passkey - */ - virtual ble_error_t set_display_passkey(passkey_num_t passkey); - - /** - * @see ::ble::pal::SecurityManager::set_io_capability - */ - virtual ble_error_t set_io_capability(io_capability_t io_capability); - - /** - * @see ::ble::pal::SecurityManager::set_encryption_key_requirements - */ - virtual ble_error_t set_encryption_key_requirements( - uint8_t min_encryption_key_size, - uint8_t max_encryption_key_size - ); - //////////////////////////////////////////////////////////////////////////// // Authentication // - /** - * @see ::ble::pal::SecurityManager::send_pairing_request - */ - virtual ble_error_t send_pairing_request( - connection_handle_t connection, - bool oob_data_flag, - AuthenticationMask authentication_requirements, - KeyDistribution initiator_dist, - KeyDistribution responder_dist - ); - - /** - * @see ::ble::pal::SecurityManager::send_pairing_response - */ - virtual ble_error_t send_pairing_response( - connection_handle_t connection, - bool oob_data_flag, - AuthenticationMask authentication_requirements, - KeyDistribution initiator_dist, - KeyDistribution responder_dist - ); - - /** - * @see ::ble::pal::SecurityManager::cancel_pairing - */ - virtual ble_error_t cancel_pairing( - connection_handle_t connection, pairing_failure_t reason - ); - /** * @see ::ble::pal::SecurityManager::get_random_data */ @@ -259,6 +252,11 @@ public: // MITM // + /** + * @see ::ble::pal::SecurityManager::set_display_passkey + */ + virtual ble_error_t set_display_passkey(passkey_num_t passkey); + /** * @see ::ble::pal::SecurityManager::passkey_request_reply */ @@ -267,6 +265,16 @@ public: passkey_num_t passkey ); + /** + * @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply + */ + virtual ble_error_t secure_connections_oob_request_reply( + connection_handle_t connection, + const oob_lesc_value_t &local_random, + const oob_lesc_value_t &peer_random, + const oob_confirm_t &peer_confirm + ); + /** * @see ::ble::pal::SecurityManager::legacy_pairing_oob_request_reply */ @@ -296,16 +304,6 @@ public: connection_handle_t connection ); - /** - * @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply - */ - virtual ble_error_t secure_connections_oob_request_reply( - connection_handle_t connection, - const oob_lesc_value_t &local_random, - const oob_lesc_value_t &peer_random, - const oob_confirm_t &peer_confirm - ); - // singleton of the ARM Cordio Security Manager static CordioSecurityManager &get_security_manager(); @@ -315,6 +313,8 @@ public: private: bool _use_default_passkey; passkey_num_t _default_passkey; + bool _lesc_keys_generated; + uint8_t _public_key_x[SEC_ECC_KEY_LEN]; }; } // cordio diff --git a/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp b/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp index 7764bbd09c..2935fdcc41 100644 --- a/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp +++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp @@ -14,6 +14,8 @@ * limitations under the License. */ +#include + #include "CordioPalSecurityManager.h" #include "dm_api.h" #include "smp_api.h" @@ -27,7 +29,9 @@ namespace cordio { CordioSecurityManager::CordioSecurityManager() : ::ble::pal::SecurityManager(), _use_default_passkey(false), - _default_passkey(0) + _default_passkey(0), + _lesc_keys_generated(false), + _public_key_x() { } @@ -43,6 +47,17 @@ CordioSecurityManager::~CordioSecurityManager() ble_error_t CordioSecurityManager::initialize() { + // reset local state + _use_default_passkey = false; + _default_passkey = 0; + _lesc_keys_generated = false; + +#if 0 + // FIXME: need help from the stack or local calculation + // generate a new set of keys + DmSecGenerateEccKeyReq(); +#endif + return BLE_ERROR_NONE; } @@ -53,6 +68,7 @@ ble_error_t CordioSecurityManager::terminate() ble_error_t CordioSecurityManager::reset() { + initialize(); return BLE_ERROR_NONE; } @@ -93,6 +109,8 @@ ble_error_t CordioSecurityManager::clear_resolving_list() // Feature support // +// FIXME: Enable when new function available in the pal. +#if 0 ble_error_t CordioSecurityManager::set_secure_connections_support( bool enabled, bool secure_connections_only ) { @@ -104,6 +122,7 @@ ble_error_t CordioSecurityManager::set_secure_connections_support( } return BLE_ERROR_NONE; } +#endif ble_error_t CordioSecurityManager::get_secure_connections_support( bool &enabled @@ -253,12 +272,6 @@ ble_error_t CordioSecurityManager::set_csrk(const csrk_t& csrk) return BLE_ERROR_NONE; } -ble_error_t CordioSecurityManager::generate_public_key() -{ - // FIXME - return BLE_ERROR_NOT_IMPLEMENTED; -} - //////////////////////////////////////////////////////////////////////////// // Global parameters // @@ -380,8 +393,8 @@ ble_error_t CordioSecurityManager::legacy_pairing_oob_request_reply( ble_error_t CordioSecurityManager::confirmation_entered( connection_handle_t connection, bool confirmation ) { - // FIXME: - return BLE_ERROR_NOT_IMPLEMENTED; + DmSecCompareRsp(connection, confirmation); + return BLE_ERROR_NONE; } // FIXME: remove when declaration from the stack is available @@ -397,6 +410,13 @@ ble_error_t CordioSecurityManager::send_keypress_notification( ble_error_t CordioSecurityManager::generate_secure_connections_oob( connection_handle_t connection ) { + // Note: this is not tie to a connection; only one oob value is present in + // the pal. + + uint8_t oobLocalRandom[SMP_RAND_LEN]; + SecRand(oobLocalRandom, SMP_RAND_LEN); + DmSecCalcOobReq(oobLocalRandom, _public_key_x); + return BLE_ERROR_NOT_IMPLEMENTED; } @@ -406,7 +426,18 @@ ble_error_t CordioSecurityManager::secure_connections_oob_request_reply( const oob_lesc_value_t &peer_random, const oob_confirm_t &peer_confirm ) { - return BLE_ERROR_NOT_IMPLEMENTED; + dmSecLescOobCfg_t oob_config = { 0 }; + + memcpy(oob_config.localRandom, local_random.data(), local_random.size()); + // FIXME: + // memcpy(oob_config.localConfirm, ?, ?); + memcpy(oob_config.peerRandom, peer_random.data(), peer_random.size()); + memcpy(oob_config.peerConfirm, peer_confirm.data(), peer_confirm.size()); + + DmSecSetOob(connection, &oob_config); + DmSecAuthRsp(connection, 0, NULL); + + return BLE_ERROR_NONE; } CordioSecurityManager& CordioSecurityManager::get_security_manager() @@ -416,8 +447,8 @@ CordioSecurityManager& CordioSecurityManager::get_security_manager() } bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) { - SecurityManager::EventHandler* handler = - get_security_manager().get_event_handler(); + CordioSecurityManager& self = get_security_manager(); + SecurityManager::EventHandler* handler = self.get_event_handler(); if ((msg == NULL) || (handler == NULL)) { return false; @@ -479,6 +510,11 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) { connection_handle_t connection = evt->hdr.param; if (evt->oob) { + // FIXME: Nothing in the API indicates if smp or sc OOB are + // requested. + // To set secure connection OOB: + // - DmSecSetOob(connection, oob_data) + // - DmSecAuthRsp(connection, 0, NULL) handler->on_legacy_pairing_oob_request(connection); } else if (evt->display) { if (get_security_manager()._use_default_passkey) { @@ -602,18 +638,36 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) { return true; } - case DM_SEC_CALC_OOB_IND: + case DM_SEC_CALC_OOB_IND: { + dmSecOobCalcIndEvt_t* evt = (dmSecOobCalcIndEvt_t*) msg; + handler->on_secure_connections_oob_generated( + evt->hdr.param, + evt->random, + evt->confirm + ); return true; + } - case DM_SEC_ECC_KEY_IND: + case DM_SEC_ECC_KEY_IND: { + secEccMsg_t* evt = (secEccMsg_t*) msg; + DmSecSetEccKey(&evt->data.key); + memcpy(self._public_key_x, evt->data.key.pubKey_x, sizeof(_public_key_x)); + self._lesc_keys_generated = true; return true; + } - case DM_SEC_COMPARE_IND: + case DM_SEC_COMPARE_IND: { + dmSecCnfIndEvt_t* evt = (dmSecCnfIndEvt_t*) msg; + handler->on_passkey_display( + /* connection */ evt->hdr.param, + DmSecGetCompareValue(evt->confirm) + ); + handler->on_confirmation_request(/* connection */ evt->hdr.param); return true; + } case DM_SEC_KEYPRESS_IND: { dmSecKeypressIndEvt_t* evt = (dmSecKeypressIndEvt_t*) msg; - handler->on_keypress_notification( /* connection */ evt->hdr.param, (Keypress_t) evt->notificationType