From 66867d4dd32e0b123c5acf480a8b8984f410c5db Mon Sep 17 00:00:00 2001 From: paul-szczepanek-arm <33840200+paul-szczepanek-arm@users.noreply.github.com> Date: Fri, 16 Mar 2018 14:48:04 +0000 Subject: [PATCH] oob stored in generic and handed over to pal when requested --- .../ble/generic/GenericSecurityManager.h | 14 ++++- .../FEATURE_BLE/ble/pal/PalSecurityManager.h | 60 ++++++++++--------- .../source/generic/GenericSecurityManager.cpp | 31 ++++++++-- .../TARGET_CORDIO/CordioPalSecurityManager.h | 18 ++---- .../source/CordioPalSecurityManager.cpp | 15 ++--- 5 files changed, 82 insertions(+), 56 deletions(-) diff --git a/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h b/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h index 322cef4b5d..8b33c08dae 100644 --- a/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h +++ b/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h @@ -439,6 +439,12 @@ private: pal::SecurityDb &_db; pal::ConnectionEventMonitor &_connection_monitor; + /* OOB data */ + address_t _oob_peer_address; + oob_lesc_value_t _oob_peer_random; + oob_confirm_t _oob_peer_confirm; + oob_lesc_value_t _oob_local_random; + pal::AuthenticationMask _default_authentication; pal::KeyDistribution _default_key_distribution; @@ -548,6 +554,12 @@ public: connection_handle_t connection ); + /** @copydoc ble::pal::SecurityManager::on_secure_connections_oob_request + */ + virtual void on_secure_connections_oob_request( + connection_handle_t connection + ); + /** @copydoc ble::pal::SecurityManager::on_legacy_pairing_oob_request */ virtual void on_legacy_pairing_oob_request( @@ -557,7 +569,7 @@ public: /** @copydoc ble::pal::SecurityManager::on_secure_connections_oob_generated */ virtual void on_secure_connections_oob_generated( - const address_t &local_address, + connection_handle_t connection, const oob_lesc_value_t &random, const oob_confirm_t &confirm ); diff --git a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h index ac984ab0d8..e452f6fe4c 100644 --- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h +++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h @@ -367,6 +367,17 @@ public: Keypress_t keypress ) = 0; + /** + * Request OOB data from the user application. + * + * @param[in] connection connection handle + * @note shall be followed by: pal::SecurityManager::secure_connections_oob_request_reply + * or a cancellation of the procedure. + */ + virtual void on_secure_connections_oob_request( + connection_handle_t connection + ) = 0; + /** * Request OOB data from the user application. * @@ -381,14 +392,14 @@ public: /** * Send OOB data to the application for transport to the peer. * - * @param[in] address address of the local device + * @param[in] connection connection handle * @param[in] random random number used to generate the confirmation * @param[in] confirm confirmation value to be use for authentication * in secure connections pairing * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason. */ virtual void on_secure_connections_oob_generated( - const address_t &local_address, + connection_handle_t connection, const oob_lesc_value_t &random, const oob_confirm_t &confirm ) = 0; @@ -909,7 +920,24 @@ public: ) = 0; /** - * Reply to an oob data request received from the SecurityManagerEventHandler. + * Reply to a Secure Connections oob data request received from the SecurityManagerEventHandler. + * + * @param[in] connection connection handle + * @param[in] local_random local random number used for the last oob exchange + * @param[in] peer_random random number used to generate the confirmation on peer + * @param[in] peer_confirm confirmation value to be use for authentication + * in secure connections pairing + * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure + */ + virtual ble_error_t secure_connections_oob_request_reply( + connection_handle_t connection, + const oob_lesc_value_t &local_random, + const oob_lesc_value_t &peer_random, + const oob_confirm_t &peer_confirm + ) = 0; + + /** + * Reply to a legacy pairing oob data request received from the SecurityManagerEventHandler. * * @param[in] connection connection handle * @param[in] oob_data pointer to out of band data @@ -955,32 +983,6 @@ public: connection_handle_t connection ) = 0; - /** - * Supply the stack with the OOB data for secure connections. - * - * @param[in] address address of the peer device this data comes from - * @param[in] random random number used to generate the confirmation - * @param[in] confirm confirmation value to be use for authentication - * in secure connections pairing - * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason. - */ - virtual ble_error_t secure_connections_oob_received( - const address_t &address, - const oob_lesc_value_t &random, - const oob_confirm_t &confirm - ) = 0; - - /** - * Supply the stack with the OOB data for secure connections. - * - * @param[in] address address of the peer device oob data is needed for - * @return True if oob data present, false if not or if the functionality - * is not implemented. - */ - virtual bool is_secure_connections_oob_present( - const address_t &address - ) = 0; - /* Entry points for the underlying stack to report events back to the user. */ public: /** diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp index 0e6cb57e5e..95b15269b1 100644 --- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp +++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp @@ -563,7 +563,10 @@ ble_error_t GenericSecurityManager::oobReceived( const oob_confirm_t *confirm ) { if (address && random && confirm) { - return _pal.secure_connections_oob_received(*address, *random, *confirm); + _oob_peer_address = *address; + _oob_peer_random = *random; + _oob_peer_confirm = *confirm; + return BLE_ERROR_NONE; } return BLE_ERROR_INVALID_PARAM; @@ -696,7 +699,7 @@ void GenericSecurityManager::update_oob_presence(connection_handle_t connection) cb->oob_present = cb->attempt_oob; if (_default_authentication.get_secure_connections()) { - cb->oob_present = _pal.is_secure_connections_oob_present(cb->peer_address); + cb->oob_present = (cb->peer_address == _oob_peer_address); } } @@ -944,17 +947,37 @@ void GenericSecurityManager::on_confirmation_request(connection_handle_t connect eventHandler->confirmationRequest(connection); } +void GenericSecurityManager::on_secure_connections_oob_request(connection_handle_t connection) { + set_mitm_performed(connection); + + ControlBlock_t *cb = get_control_block(connection); + if (!cb) { + return; + } + + if (cb->peer_address == _oob_peer_address) { + _pal.secure_connections_oob_request_reply(connection, _oob_local_random, _oob_peer_random, _oob_peer_confirm); + } else { + _pal.cancel_pairing(connection, pairing_failure_t::OOB_NOT_AVAILABLE); + } +} + void GenericSecurityManager::on_legacy_pairing_oob_request(connection_handle_t connection) { set_mitm_performed(connection); eventHandler->legacyPairingOobRequest(connection); } void GenericSecurityManager::on_secure_connections_oob_generated( - const address_t &local_address, + connection_handle_t connection, const oob_lesc_value_t &random, const oob_confirm_t &confirm ) { - eventHandler->oobGenerated(&local_address, &random, &confirm); + ControlBlock_t *cb = get_control_block(connection); + if (!cb) { + return; + } + eventHandler->oobGenerated(&cb->local_address, &random, &confirm); + _oob_local_random = random; } //////////////////////////////////////////////////////////////////////////// diff --git a/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h b/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h index d79c1c788c..1181abb273 100644 --- a/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h +++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h @@ -302,19 +302,13 @@ public: ); /** - * @see ::ble::pal::SecurityManager::secure_connections_oob_received + * @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply */ - virtual ble_error_t secure_connections_oob_received( - const address_t &address, - const oob_lesc_value_t &random, - const oob_confirm_t &confirm - ); - - /** - * @see ::ble::pal::SecurityManager::is_secure_connections_oob_present - */ - virtual bool is_secure_connections_oob_present( - const address_t &address + virtual ble_error_t secure_connections_oob_request_reply( + connection_handle_t connection, + const oob_lesc_value_t &local_random, + const oob_lesc_value_t &peer_random, + const oob_confirm_t &peer_confirm ); // singleton of the ARM Cordio Security Manager diff --git a/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp b/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp index 24e405ef65..7764bbd09c 100644 --- a/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp +++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp @@ -400,20 +400,15 @@ ble_error_t CordioSecurityManager::generate_secure_connections_oob( return BLE_ERROR_NOT_IMPLEMENTED; } -ble_error_t CordioSecurityManager::secure_connections_oob_received( - const address_t &address, - const oob_lesc_value_t &random, - const oob_confirm_t &confirm +ble_error_t CordioSecurityManager::secure_connections_oob_request_reply( + connection_handle_t connection, + const oob_lesc_value_t &local_random, + const oob_lesc_value_t &peer_random, + const oob_confirm_t &peer_confirm ) { return BLE_ERROR_NOT_IMPLEMENTED; } -bool CordioSecurityManager::is_secure_connections_oob_present( - const address_t &address -) { - return false; -} - CordioSecurityManager& CordioSecurityManager::get_security_manager() { static CordioSecurityManager _security_manager;