ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Cordio: Implement missing functions for secure connection

pull/6932/head
Vincent Coubard 2018-03-09 18:06:22 +00:00
parent b859907481
commit 3579653533
2 changed files with 135 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
View File

@ -20,6 +20,8 @@
#include "ble/pal/PalSecurityManager.h" #include "ble/pal/PalSecurityManager.h"
#include "wsf_types.h" #include "wsf_types.h"
#include "wsf_os.h" #include "wsf_os.h"
#include "sec_api.h"
#include "smp_defs.h"
namespace ble { namespace ble {
namespace pal { namespace pal {
@ -83,16 +85,42 @@ public:
virtual ble_error_t clear_resolving_list(); virtual ble_error_t clear_resolving_list();
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Feature support // Pairing
// //
/** /**
* @see ::ble::pal::SecurityManager::set_secure_connections_support * @see ::ble::pal::SecurityManager::send_pairing_request
*/ */
virtual ble_error_t set_secure_connections_support( virtual ble_error_t send_pairing_request(
bool enabled, bool secure_connections_only = false connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
); );
/**
* @see ::ble::pal::SecurityManager::send_pairing_response
*/
virtual ble_error_t send_pairing_response(
connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
);
/**
* @see ::ble::pal::SecurityManager::cancel_pairing
*/
virtual ble_error_t cancel_pairing(
connection_handle_t connection, pairing_failure_t reason
);
////////////////////////////////////////////////////////////////////////////
// Feature support
//
/** /**
* @see ::ble::pal::SecurityManager::get_secure_connections_support * @see ::ble::pal::SecurityManager::get_secure_connections_support
*/ */
@ -100,6 +128,11 @@ public:
bool &enabled bool &enabled
); );
/**
* @see ::ble::pal::SecurityManager::set_io_capability
*/
virtual ble_error_t set_io_capability(io_capability_t io_capability);
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Security settings // Security settings
// //
@ -118,6 +151,17 @@ public:
connection_handle_t, uint16_t &timeout_in_10ms connection_handle_t, uint16_t &timeout_in_10ms
); );
/**
* @see ::ble::pal::SecurityManager::set_encryption_key_requirements
*/
virtual ble_error_t set_encryption_key_requirements(
uint8_t min_encryption_key_size,
uint8_t max_encryption_key_size
);
/**
* @see ::ble::pal::SecurityManager::slave_security_request
*/
virtual ble_error_t slave_security_request( virtual ble_error_t slave_security_request(
connection_handle_t connection, connection_handle_t connection,
AuthenticationMask authentication AuthenticationMask authentication
@ -195,61 +239,10 @@ public:
*/ */
virtual ble_error_t set_csrk(const csrk_t &csrk); virtual ble_error_t set_csrk(const csrk_t &csrk);
////////////////////////////////////////////////////////////////////////////
// Global parameters
//
/**
* @see ::ble::pal::SecurityManager::set_display_passkey
*/
virtual ble_error_t set_display_passkey(passkey_num_t passkey);
/**
* @see ::ble::pal::SecurityManager::set_io_capability
*/
virtual ble_error_t set_io_capability(io_capability_t io_capability);
/**
* @see ::ble::pal::SecurityManager::set_encryption_key_requirements
*/
virtual ble_error_t set_encryption_key_requirements(
uint8_t min_encryption_key_size,
uint8_t max_encryption_key_size
);
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Authentication // Authentication
// //
/**
* @see ::ble::pal::SecurityManager::send_pairing_request
*/
virtual ble_error_t send_pairing_request(
connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
);
/**
* @see ::ble::pal::SecurityManager::send_pairing_response
*/
virtual ble_error_t send_pairing_response(
connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
);
/**
* @see ::ble::pal::SecurityManager::cancel_pairing
*/
virtual ble_error_t cancel_pairing(
connection_handle_t connection, pairing_failure_t reason
);
/** /**
* @see ::ble::pal::SecurityManager::get_random_data * @see ::ble::pal::SecurityManager::get_random_data
*/ */
@ -259,6 +252,11 @@ public:
// MITM // MITM
// //
/**
* @see ::ble::pal::SecurityManager::set_display_passkey
*/
virtual ble_error_t set_display_passkey(passkey_num_t passkey);
/** /**
* @see ::ble::pal::SecurityManager::passkey_request_reply * @see ::ble::pal::SecurityManager::passkey_request_reply
*/ */
@ -267,6 +265,16 @@ public:
passkey_num_t passkey passkey_num_t passkey
); );
/**
* @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply
*/
virtual ble_error_t secure_connections_oob_request_reply(
connection_handle_t connection,
const oob_lesc_value_t &local_random,
const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm
);
/** /**
* @see ::ble::pal::SecurityManager::legacy_pairing_oob_request_reply * @see ::ble::pal::SecurityManager::legacy_pairing_oob_request_reply
*/ */
@ -296,16 +304,6 @@ public:
connection_handle_t connection connection_handle_t connection
); );
/**
* @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply
*/
virtual ble_error_t secure_connections_oob_request_reply(
connection_handle_t connection,
const oob_lesc_value_t &local_random,
const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm
);
// singleton of the ARM Cordio Security Manager // singleton of the ARM Cordio Security Manager
static CordioSecurityManager &get_security_manager(); static CordioSecurityManager &get_security_manager();
@ -315,6 +313,8 @@ public:
private: private:
bool _use_default_passkey; bool _use_default_passkey;
passkey_num_t _default_passkey; passkey_num_t _default_passkey;
bool _lesc_keys_generated;
uint8_t _public_key_x[SEC_ECC_KEY_LEN];
}; };
} // cordio } // cordio

86
features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
View File

@ -14,6 +14,8 @@
* limitations under the License. * limitations under the License.
*/ */
#include <string.h>
#include "CordioPalSecurityManager.h" #include "CordioPalSecurityManager.h"
#include "dm_api.h" #include "dm_api.h"
#include "smp_api.h" #include "smp_api.h"
@ -27,7 +29,9 @@ namespace cordio {
CordioSecurityManager::CordioSecurityManager() : CordioSecurityManager::CordioSecurityManager() :
::ble::pal::SecurityManager(), ::ble::pal::SecurityManager(),
_use_default_passkey(false), _use_default_passkey(false),
_default_passkey(0) _default_passkey(0),
_lesc_keys_generated(false),
_public_key_x()
{ {
} }
@ -43,6 +47,17 @@ CordioSecurityManager::~CordioSecurityManager()
ble_error_t CordioSecurityManager::initialize() ble_error_t CordioSecurityManager::initialize()
{ {
// reset local state
_use_default_passkey = false;
_default_passkey = 0;
_lesc_keys_generated = false;
#if 0
// FIXME: need help from the stack or local calculation
// generate a new set of keys
DmSecGenerateEccKeyReq();
#endif
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
@ -53,6 +68,7 @@ ble_error_t CordioSecurityManager::terminate()
ble_error_t CordioSecurityManager::reset() ble_error_t CordioSecurityManager::reset()
{ {
initialize();
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
@ -93,6 +109,8 @@ ble_error_t CordioSecurityManager::clear_resolving_list()
// Feature support // Feature support
// //
// FIXME: Enable when new function available in the pal.
#if 0
ble_error_t CordioSecurityManager::set_secure_connections_support( ble_error_t CordioSecurityManager::set_secure_connections_support(
bool enabled, bool secure_connections_only bool enabled, bool secure_connections_only
) { ) {
@ -104,6 +122,7 @@ ble_error_t CordioSecurityManager::set_secure_connections_support(
} }
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
#endif
ble_error_t CordioSecurityManager::get_secure_connections_support( ble_error_t CordioSecurityManager::get_secure_connections_support(
bool &enabled bool &enabled
@ -253,12 +272,6 @@ ble_error_t CordioSecurityManager::set_csrk(const csrk_t& csrk)
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
ble_error_t CordioSecurityManager::generate_public_key()
{
// FIXME
return BLE_ERROR_NOT_IMPLEMENTED;
}
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Global parameters // Global parameters
// //
@ -380,8 +393,8 @@ ble_error_t CordioSecurityManager::legacy_pairing_oob_request_reply(
ble_error_t CordioSecurityManager::confirmation_entered( ble_error_t CordioSecurityManager::confirmation_entered(
connection_handle_t connection, bool confirmation connection_handle_t connection, bool confirmation
) { ) {
// FIXME: DmSecCompareRsp(connection, confirmation);
return BLE_ERROR_NOT_IMPLEMENTED; return BLE_ERROR_NONE;
} }
// FIXME: remove when declaration from the stack is available // FIXME: remove when declaration from the stack is available
@ -397,6 +410,13 @@ ble_error_t CordioSecurityManager::send_keypress_notification(
ble_error_t CordioSecurityManager::generate_secure_connections_oob( ble_error_t CordioSecurityManager::generate_secure_connections_oob(
connection_handle_t connection connection_handle_t connection
) { ) {
// Note: this is not tie to a connection; only one oob value is present in
// the pal.
uint8_t oobLocalRandom[SMP_RAND_LEN];
SecRand(oobLocalRandom, SMP_RAND_LEN);
DmSecCalcOobReq(oobLocalRandom, _public_key_x);
return BLE_ERROR_NOT_IMPLEMENTED; return BLE_ERROR_NOT_IMPLEMENTED;
} }
@ -406,7 +426,18 @@ ble_error_t CordioSecurityManager::secure_connections_oob_request_reply(
const oob_lesc_value_t &peer_random, const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm const oob_confirm_t &peer_confirm
) { ) {
return BLE_ERROR_NOT_IMPLEMENTED; dmSecLescOobCfg_t oob_config = { 0 };
memcpy(oob_config.localRandom, local_random.data(), local_random.size());
// FIXME:
// memcpy(oob_config.localConfirm, ?, ?);
memcpy(oob_config.peerRandom, peer_random.data(), peer_random.size());
memcpy(oob_config.peerConfirm, peer_confirm.data(), peer_confirm.size());
DmSecSetOob(connection, &oob_config);
DmSecAuthRsp(connection, 0, NULL);
return BLE_ERROR_NONE;
} }
CordioSecurityManager& CordioSecurityManager::get_security_manager() CordioSecurityManager& CordioSecurityManager::get_security_manager()
@ -416,8 +447,8 @@ CordioSecurityManager& CordioSecurityManager::get_security_manager()
} }
bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) { bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
SecurityManager::EventHandler* handler = CordioSecurityManager& self = get_security_manager();
get_security_manager().get_event_handler(); SecurityManager::EventHandler* handler = self.get_event_handler();
if ((msg == NULL) || (handler == NULL)) { if ((msg == NULL) || (handler == NULL)) {
return false; return false;
@ -479,6 +510,11 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
connection_handle_t connection = evt->hdr.param; connection_handle_t connection = evt->hdr.param;
if (evt->oob) { if (evt->oob) {
// FIXME: Nothing in the API indicates if smp or sc OOB are
// requested.
// To set secure connection OOB:
// - DmSecSetOob(connection, oob_data)
// - DmSecAuthRsp(connection, 0, NULL)
handler->on_legacy_pairing_oob_request(connection); handler->on_legacy_pairing_oob_request(connection);
} else if (evt->display) { } else if (evt->display) {
if (get_security_manager()._use_default_passkey) { if (get_security_manager()._use_default_passkey) {
@ -602,18 +638,36 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
return true; return true;
} }
case DM_SEC_CALC_OOB_IND: case DM_SEC_CALC_OOB_IND: {
dmSecOobCalcIndEvt_t* evt = (dmSecOobCalcIndEvt_t*) msg;
handler->on_secure_connections_oob_generated(
evt->hdr.param,
evt->random,
evt->confirm
);
return true; return true;
}
case DM_SEC_ECC_KEY_IND: case DM_SEC_ECC_KEY_IND: {
secEccMsg_t* evt = (secEccMsg_t*) msg;
DmSecSetEccKey(&evt->data.key);
memcpy(self._public_key_x, evt->data.key.pubKey_x, sizeof(_public_key_x));
self._lesc_keys_generated = true;
return true; return true;
}
case DM_SEC_COMPARE_IND: case DM_SEC_COMPARE_IND: {
dmSecCnfIndEvt_t* evt = (dmSecCnfIndEvt_t*) msg;
handler->on_passkey_display(
/* connection */ evt->hdr.param,
DmSecGetCompareValue(evt->confirm)
);
handler->on_confirmation_request(/* connection */ evt->hdr.param);
return true; return true;
}
case DM_SEC_KEYPRESS_IND: { case DM_SEC_KEYPRESS_IND: {
dmSecKeypressIndEvt_t* evt = (dmSecKeypressIndEvt_t*) msg; dmSecKeypressIndEvt_t* evt = (dmSecKeypressIndEvt_t*) msg;
handler->on_keypress_notification( handler->on_keypress_notification(
/* connection */ evt->hdr.param, /* connection */ evt->hdr.param,
(Keypress_t) evt->notificationType (Keypress_t) evt->notificationType