ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Cordio: Implement missing functions for secure connection

pull/6932/head
Vincent Coubard 2018-03-09 18:06:22 +00:00
parent b859907481
commit 3579653533
2 changed files with 135 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
View File

@ -20,6 +20,8 @@
#include "ble/pal/PalSecurityManager.h"
#include "wsf_types.h"
#include "wsf_os.h"
#include "sec_api.h"
#include "smp_defs.h"
namespace ble {
namespace pal {
@ -83,16 +85,42 @@ public:
virtual ble_error_t clear_resolving_list();
////////////////////////////////////////////////////////////////////////////
// Feature support
// Pairing
//
/**
* @see ::ble::pal::SecurityManager::set_secure_connections_support
* @see ::ble::pal::SecurityManager::send_pairing_request
*/
virtual ble_error_t set_secure_connections_support(
bool enabled, bool secure_connections_only = false
virtual ble_error_t send_pairing_request(
connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
);
/**
* @see ::ble::pal::SecurityManager::send_pairing_response
*/
virtual ble_error_t send_pairing_response(
connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
);
/**
* @see ::ble::pal::SecurityManager::cancel_pairing
*/
virtual ble_error_t cancel_pairing(
connection_handle_t connection, pairing_failure_t reason
);
////////////////////////////////////////////////////////////////////////////
// Feature support
//
/**
* @see ::ble::pal::SecurityManager::get_secure_connections_support
*/
@ -100,6 +128,11 @@ public:
bool &enabled
);
/**
* @see ::ble::pal::SecurityManager::set_io_capability
*/
virtual ble_error_t set_io_capability(io_capability_t io_capability);
////////////////////////////////////////////////////////////////////////////
// Security settings
//
@ -118,6 +151,17 @@ public:
connection_handle_t, uint16_t &timeout_in_10ms
);
/**
* @see ::ble::pal::SecurityManager::set_encryption_key_requirements
*/
virtual ble_error_t set_encryption_key_requirements(
uint8_t min_encryption_key_size,
uint8_t max_encryption_key_size
);
/**
* @see ::ble::pal::SecurityManager::slave_security_request
*/
virtual ble_error_t slave_security_request(
connection_handle_t connection,
AuthenticationMask authentication
@ -195,61 +239,10 @@ public:
*/
virtual ble_error_t set_csrk(const csrk_t &csrk);
////////////////////////////////////////////////////////////////////////////
// Global parameters
//
/**
* @see ::ble::pal::SecurityManager::set_display_passkey
*/
virtual ble_error_t set_display_passkey(passkey_num_t passkey);
/**
* @see ::ble::pal::SecurityManager::set_io_capability
*/
virtual ble_error_t set_io_capability(io_capability_t io_capability);
/**
* @see ::ble::pal::SecurityManager::set_encryption_key_requirements
*/
virtual ble_error_t set_encryption_key_requirements(
uint8_t min_encryption_key_size,
uint8_t max_encryption_key_size
);
////////////////////////////////////////////////////////////////////////////
// Authentication
//
/**
* @see ::ble::pal::SecurityManager::send_pairing_request
*/
virtual ble_error_t send_pairing_request(
connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
);
/**
* @see ::ble::pal::SecurityManager::send_pairing_response
*/
virtual ble_error_t send_pairing_response(
connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
);
/**
* @see ::ble::pal::SecurityManager::cancel_pairing
*/
virtual ble_error_t cancel_pairing(
connection_handle_t connection, pairing_failure_t reason
);
/**
* @see ::ble::pal::SecurityManager::get_random_data
*/
@ -259,6 +252,11 @@ public:
// MITM
//
/**
* @see ::ble::pal::SecurityManager::set_display_passkey
*/
virtual ble_error_t set_display_passkey(passkey_num_t passkey);
/**
* @see ::ble::pal::SecurityManager::passkey_request_reply
*/
@ -267,6 +265,16 @@ public:
passkey_num_t passkey
);
/**
* @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply
*/
virtual ble_error_t secure_connections_oob_request_reply(
connection_handle_t connection,
const oob_lesc_value_t &local_random,
const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm
);
/**
* @see ::ble::pal::SecurityManager::legacy_pairing_oob_request_reply
*/
@ -296,16 +304,6 @@ public:
connection_handle_t connection
);
/**
* @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply
*/
virtual ble_error_t secure_connections_oob_request_reply(
connection_handle_t connection,
const oob_lesc_value_t &local_random,
const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm
);
// singleton of the ARM Cordio Security Manager
static CordioSecurityManager &get_security_manager();
@ -315,6 +313,8 @@ public:
private:
bool _use_default_passkey;
passkey_num_t _default_passkey;
bool _lesc_keys_generated;
uint8_t _public_key_x[SEC_ECC_KEY_LEN];
};
} // cordio

86
features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
View File

@ -14,6 +14,8 @@
* limitations under the License.
*/
#include <string.h>
#include "CordioPalSecurityManager.h"
#include "dm_api.h"
#include "smp_api.h"
@ -27,7 +29,9 @@ namespace cordio {
CordioSecurityManager::CordioSecurityManager() :
::ble::pal::SecurityManager(),
_use_default_passkey(false),
_default_passkey(0)
_default_passkey(0),
_lesc_keys_generated(false),
_public_key_x()
{
}
@ -43,6 +47,17 @@ CordioSecurityManager::~CordioSecurityManager()
ble_error_t CordioSecurityManager::initialize()
{
// reset local state
_use_default_passkey = false;
_default_passkey = 0;
_lesc_keys_generated = false;
#if 0
// FIXME: need help from the stack or local calculation
// generate a new set of keys
DmSecGenerateEccKeyReq();
#endif
return BLE_ERROR_NONE;
}
@ -53,6 +68,7 @@ ble_error_t CordioSecurityManager::terminate()
ble_error_t CordioSecurityManager::reset()
{
initialize();
return BLE_ERROR_NONE;
}
@ -93,6 +109,8 @@ ble_error_t CordioSecurityManager::clear_resolving_list()
// Feature support
//
// FIXME: Enable when new function available in the pal.
#if 0
ble_error_t CordioSecurityManager::set_secure_connections_support(
bool enabled, bool secure_connections_only
) {
@ -104,6 +122,7 @@ ble_error_t CordioSecurityManager::set_secure_connections_support(
}
return BLE_ERROR_NONE;
}
#endif
ble_error_t CordioSecurityManager::get_secure_connections_support(
bool &enabled
@ -253,12 +272,6 @@ ble_error_t CordioSecurityManager::set_csrk(const csrk_t& csrk)
return BLE_ERROR_NONE;
}
ble_error_t CordioSecurityManager::generate_public_key()
{
// FIXME
return BLE_ERROR_NOT_IMPLEMENTED;
}
////////////////////////////////////////////////////////////////////////////
// Global parameters
//
@ -380,8 +393,8 @@ ble_error_t CordioSecurityManager::legacy_pairing_oob_request_reply(
ble_error_t CordioSecurityManager::confirmation_entered(
connection_handle_t connection, bool confirmation
) {
// FIXME:
return BLE_ERROR_NOT_IMPLEMENTED;
DmSecCompareRsp(connection, confirmation);
return BLE_ERROR_NONE;
}
// FIXME: remove when declaration from the stack is available
@ -397,6 +410,13 @@ ble_error_t CordioSecurityManager::send_keypress_notification(
ble_error_t CordioSecurityManager::generate_secure_connections_oob(
connection_handle_t connection
) {
// Note: this is not tie to a connection; only one oob value is present in
// the pal.
uint8_t oobLocalRandom[SMP_RAND_LEN];
SecRand(oobLocalRandom, SMP_RAND_LEN);
DmSecCalcOobReq(oobLocalRandom, _public_key_x);
return BLE_ERROR_NOT_IMPLEMENTED;
}
@ -406,7 +426,18 @@ ble_error_t CordioSecurityManager::secure_connections_oob_request_reply(
const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm
) {
return BLE_ERROR_NOT_IMPLEMENTED;
dmSecLescOobCfg_t oob_config = { 0 };
memcpy(oob_config.localRandom, local_random.data(), local_random.size());
// FIXME:
// memcpy(oob_config.localConfirm, ?, ?);
memcpy(oob_config.peerRandom, peer_random.data(), peer_random.size());
memcpy(oob_config.peerConfirm, peer_confirm.data(), peer_confirm.size());
DmSecSetOob(connection, &oob_config);
DmSecAuthRsp(connection, 0, NULL);
return BLE_ERROR_NONE;
}
CordioSecurityManager& CordioSecurityManager::get_security_manager()
@ -416,8 +447,8 @@ CordioSecurityManager& CordioSecurityManager::get_security_manager()
}
bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
SecurityManager::EventHandler* handler =
get_security_manager().get_event_handler();
CordioSecurityManager& self = get_security_manager();
SecurityManager::EventHandler* handler = self.get_event_handler();
if ((msg == NULL) || (handler == NULL)) {
return false;
@ -479,6 +510,11 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
connection_handle_t connection = evt->hdr.param;
if (evt->oob) {
// FIXME: Nothing in the API indicates if smp or sc OOB are
// requested.
// To set secure connection OOB:
// - DmSecSetOob(connection, oob_data)
// - DmSecAuthRsp(connection, 0, NULL)
handler->on_legacy_pairing_oob_request(connection);
} else if (evt->display) {
if (get_security_manager()._use_default_passkey) {
@ -602,18 +638,36 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
return true;
}
case DM_SEC_CALC_OOB_IND:
case DM_SEC_CALC_OOB_IND: {
dmSecOobCalcIndEvt_t* evt = (dmSecOobCalcIndEvt_t*) msg;
handler->on_secure_connections_oob_generated(
evt->hdr.param,
evt->random,
evt->confirm
);
return true;
}
case DM_SEC_ECC_KEY_IND:
case DM_SEC_ECC_KEY_IND: {
secEccMsg_t* evt = (secEccMsg_t*) msg;
DmSecSetEccKey(&evt->data.key);
memcpy(self._public_key_x, evt->data.key.pubKey_x, sizeof(_public_key_x));
self._lesc_keys_generated = true;
return true;
}
case DM_SEC_COMPARE_IND:
case DM_SEC_COMPARE_IND: {
dmSecCnfIndEvt_t* evt = (dmSecCnfIndEvt_t*) msg;
handler->on_passkey_display(
/* connection */ evt->hdr.param,
DmSecGetCompareValue(evt->confirm)
);
handler->on_confirmation_request(/* connection */ evt->hdr.param);
return true;
}
case DM_SEC_KEYPRESS_IND: {
dmSecKeypressIndEvt_t* evt = (dmSecKeypressIndEvt_t*) msg;
handler->on_keypress_notification(
/* connection */ evt->hdr.param,
(Keypress_t) evt->notificationType