BLE: Support encryption with secure connection key.

pull/6932/head
Vincent Coubard 2018-05-02 17:51:48 +01:00
parent f79eeb0173
commit 4e5639f5ca
2 changed files with 52 additions and 11 deletions


@ -967,15 +967,31 @@ public:
*/
ble_error_t getLinkSecurity(ble::connection_handle_t connectionHandle, LinkSecurityStatus_t *securityStatus) {
ble::link_encryption_t encryption(ble::link_encryption_t::NOT_ENCRYPTED);
ble_error_t status = getLinkEncryption(connectionHandle, &encryption);
/* legacy support limits the return values */
if (encryption.value() == ble::link_encryption_t::ENCRYPTED_WITH_MITM) {
*securityStatus = ENCRYPTED;
} else {
*securityStatus = (LinkSecurityStatus_t)encryption.value();
ble_error_t err = getLinkEncryption(connectionHandle, &encryption);
if (err) {
return err;
}
return status;
switch (encryption.value()) {
case ble::link_encryption_t::NOT_ENCRYPTED:
*securityStatus = NOT_ENCRYPTED;
break;
case ble::link_encryption_t::ENCRYPTION_IN_PROGRESS:
*securityStatus = ENCRYPTION_IN_PROGRESS;
break;
case ble::link_encryption_t::ENCRYPTED:
case ble::link_encryption_t::ENCRYPTED_WITH_MITM:
case ble::link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM:
*securityStatus = ENCRYPTED;
break;
default:
// should never happen
MBED_ASSERT(false);
*securityStatus = NOT_ENCRYPTED;
break;
}
return BLE_ERROR_NONE;
}
/**
@ -1079,7 +1095,10 @@ private:
SecurityManager::SecurityMode_t securityMode;
if (result == ble::link_encryption_t::ENCRYPTED) {
securityMode = SECURITY_MODE_ENCRYPTION_NO_MITM;
} else if (result == ble::link_encryption_t::ENCRYPTED_WITH_MITM) {
} else if (
result == ble::link_encryption_t::ENCRYPTED_WITH_MITM ||
result == ble::link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM
) {
securityMode = SECURITY_MODE_ENCRYPTION_WITH_MITM;
} else {
securityMode = SECURITY_MODE_ENCRYPTION_OPEN_LINK;
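Review bot: In getLinkSecurity, the new early `return err;` leaves `*securityStatus` unwritten when getLinkEncryption fails. The previous code always stored a value on that path, apparently NOT_ENCRYPTED from the initialiser if the callee did not touch `encryption`. A legacy caller that ignores the return code would now read an indeterminate status and could treat the link as encrypted. Writing `*securityStatus = NOT_ENCRYPTED;` before `return err;` keeps the failure path closed. The doc comment above the function, which ends at the top of the hunk, should also say that ENCRYPTED now covers the MITM and secure-connections levels, so this legacy call cannot be used to check for an authenticated link.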


@ -369,7 +369,11 @@ ble_error_t GenericSecurityManager::getLinkEncryption(
if (cb->encrypted) {
if (cb->ltk_mitm_protected || cb->mitm_performed) {
*encryption = link_encryption_t::ENCRYPTED_WITH_MITM;
if (cb->secure_connections_paired) {
*encryption = link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM;
} else {
*encryption = link_encryption_t::ENCRYPTED_WITH_MITM;
}
} else {
*encryption = link_encryption_t::ENCRYPTED;
}
@ -408,7 +412,9 @@ ble_error_t GenericSecurityManager::setLinkEncryption(
} else if (encryption == link_encryption_t::ENCRYPTED) {
/* only change if we're not already encrypted with mitm */
if (current_encryption != link_encryption_t::ENCRYPTED_WITH_MITM) {
if (current_encryption != link_encryption_t::ENCRYPTED_WITH_MITM ||
current_encryption != link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM
) {
cb->encryption_requested = true;
return enable_encryption(connection);
}
@ -423,6 +429,19 @@ ble_error_t GenericSecurityManager::setLinkEncryption(
return requestAuthentication(connection);
}
} else if (encryption == link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM) {
if (cb->ltk_mitm_protected &&
cb->secure_connections_paired && !
cb->encrypted
) {
cb->encryption_requested = true;
return enable_encryption(connection);
} else {
cb->encryption_requested = true;
return requestAuthentication(connection);
}
} else {
return BLE_ERROR_INVALID_PARAM;
}
@ -1059,7 +1078,10 @@ void GenericSecurityManager::on_link_encryption_result(
cb->encryption_failed = false;
cb->encrypted = true;
} else if (result == link_encryption_t::ENCRYPTED_WITH_MITM) {
} else if (
result == link_encryption_t::ENCRYPTED_WITH_MITM ||
result == link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM
) {
cb->encryption_requested = false;
cb->encryption_failed = false;
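Review bot: In the setLinkEncryption hunk, the new guard under `encryption == link_encryption_t::ENCRYPTED` joins the two `!=` tests with `||`, so it is always true: `current_encryption` cannot equal both ENCRYPTED_WITH_MITM and ENCRYPTED_WITH_SC_AND_MITM. The comment "only change if we're not already encrypted with mitm" therefore no longer holds, and a request for plain ENCRYPTED on an already authenticated link always reaches `enable_encryption(connection)`. Whether that can re-key the link with weaker material depends on enable_encryption, which is not shown here. The tests should be joined with `&&`: `if (current_encryption != link_encryption_t::ENCRYPTED_WITH_MITM && current_encryption != link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM) {`. setLinkEncryption begins and ends outside the visible hunks, so the rest of the function should be checked for the same pattern.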