oob stored in generic and handed over to pal when requested

features/FEATURE_BLE/ble/generic/GenericSecurityManager.h

@@ -439,6 +439,12 @@ private:
     pal::SecurityDb &_db;
     pal::ConnectionEventMonitor &_connection_monitor;
 
+    /* OOB data */
+    address_t _oob_peer_address;
+    oob_lesc_value_t _oob_peer_random;
+    oob_confirm_t _oob_peer_confirm;
+    oob_lesc_value_t _oob_local_random;
+
     pal::AuthenticationMask _default_authentication;
     pal::KeyDistribution _default_key_distribution;
 
@@ -548,6 +554,12 @@ public:
         connection_handle_t connection
     );
 
+    /** @copydoc ble::pal::SecurityManager::on_secure_connections_oob_request
+     */
+    virtual void on_secure_connections_oob_request(
+        connection_handle_t connection
+    );
+
     /** @copydoc ble::pal::SecurityManager::on_legacy_pairing_oob_request
      */
     virtual void on_legacy_pairing_oob_request(
@@ -557,7 +569,7 @@ public:
     /** @copydoc ble::pal::SecurityManager::on_secure_connections_oob_generated
      */
     virtual void on_secure_connections_oob_generated(
-        const address_t &local_address,
+        connection_handle_t connection,
         const oob_lesc_value_t &random,
         const oob_confirm_t &confirm
     );

features/FEATURE_BLE/ble/pal/PalSecurityManager.h

@@ -367,6 +367,17 @@ public:
             Keypress_t keypress
         ) = 0;
 
+        /**
+         * Request OOB data from the user application.
+         *
+         * @param[in] connection connection handle
+         * @note shall be followed by: pal::SecurityManager::secure_connections_oob_request_reply
+         * or a cancellation of the procedure.
+         */
+        virtual void on_secure_connections_oob_request(
+            connection_handle_t connection
+        ) = 0;
+
         /**
          * Request OOB data from the user application.
          *
@@ -381,14 +392,14 @@ public:
         /**
          * Send OOB data to the application for transport to the peer.
          *
-         * @param[in] address address of the local device
+         * @param[in] connection connection handle
          * @param[in] random random number used to generate the confirmation
          * @param[in] confirm confirmation value to be use for authentication
          *                    in secure connections pairing
          * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
          */
         virtual void on_secure_connections_oob_generated(
-            const address_t &local_address,
+            connection_handle_t connection,
             const oob_lesc_value_t &random,
             const oob_confirm_t &confirm
         ) = 0;
@@ -909,7 +920,24 @@ public:
     ) = 0;
 
     /**
-     * Reply to an oob data request received from the SecurityManagerEventHandler.
+     * Reply to a Secure Connections oob data request received from the SecurityManagerEventHandler.
+     *
+     * @param[in] connection connection handle
+     * @param[in] local_random local random number used for the last oob exchange
+     * @param[in] peer_random random number used to generate the confirmation on peer
+     * @param[in] peer_confirm confirmation value to be use for authentication
+     *                         in secure connections pairing
+     * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
+     */
+    virtual ble_error_t secure_connections_oob_request_reply(
+        connection_handle_t connection,
+        const oob_lesc_value_t &local_random,
+        const oob_lesc_value_t &peer_random,
+        const oob_confirm_t &peer_confirm
+    ) = 0;
+
+    /**
+     * Reply to a legacy pairing oob data request received from the SecurityManagerEventHandler.
      *
      * @param[in] connection connection handle
      * @param[in] oob_data pointer to out of band data
@@ -955,32 +983,6 @@ public:
         connection_handle_t connection
     ) = 0;
 
-    /**
-     * Supply the stack with the OOB data for secure connections.
-     *
-     * @param[in] address address of the peer device this data comes from
-     * @param[in] random random number used to generate the confirmation
-     * @param[in] confirm confirmation value to be use for authentication
-     *                    in secure connections pairing
-     * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
-     */
-    virtual ble_error_t secure_connections_oob_received(
-        const address_t &address,
-        const oob_lesc_value_t &random,
-        const oob_confirm_t &confirm
-    ) = 0;
-
-    /**
-     * Supply the stack with the OOB data for secure connections.
-     *
-     * @param[in] address address of the peer device oob data is needed for
-     * @return True if oob data present, false if not or if the functionality
-     *         is not implemented.
-     */
-    virtual bool is_secure_connections_oob_present(
-        const address_t &address
-    ) = 0;
-
     /* Entry points for the underlying stack to report events back to the user. */
 public:
     /**

features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp

@@ -563,7 +563,10 @@ ble_error_t GenericSecurityManager::oobReceived(
     const oob_confirm_t *confirm
 ) {
     if (address && random && confirm) {
-        return _pal.secure_connections_oob_received(*address, *random, *confirm);
+        _oob_peer_address = *address;
+        _oob_peer_random = *random;
+        _oob_peer_confirm = *confirm;
+        return BLE_ERROR_NONE;
     }
 
     return BLE_ERROR_INVALID_PARAM;
@@ -696,7 +699,7 @@ void GenericSecurityManager::update_oob_presence(connection_handle_t connection)
     cb->oob_present = cb->attempt_oob;
 
     if (_default_authentication.get_secure_connections()) {
-        cb->oob_present = _pal.is_secure_connections_oob_present(cb->peer_address);
+        cb->oob_present = (cb->peer_address == _oob_peer_address);
     }
 }
 
@@ -944,17 +947,37 @@ void GenericSecurityManager::on_confirmation_request(connection_handle_t connect
     eventHandler->confirmationRequest(connection);
 }
 
+void GenericSecurityManager::on_secure_connections_oob_request(connection_handle_t connection) {
+    set_mitm_performed(connection);
+
+    ControlBlock_t *cb = get_control_block(connection);
+    if (!cb) {
+        return;
+    }
+
+    if (cb->peer_address == _oob_peer_address) {
+        _pal.secure_connections_oob_request_reply(connection, _oob_local_random, _oob_peer_random, _oob_peer_confirm);
+    } else {
+        _pal.cancel_pairing(connection, pairing_failure_t::OOB_NOT_AVAILABLE);
+    }
+}
+
 void GenericSecurityManager::on_legacy_pairing_oob_request(connection_handle_t connection) {
     set_mitm_performed(connection);
     eventHandler->legacyPairingOobRequest(connection);
 }
 
 void GenericSecurityManager::on_secure_connections_oob_generated(
-    const address_t &local_address,
+    connection_handle_t connection,
     const oob_lesc_value_t &random,
     const oob_confirm_t &confirm
 ) {
-    eventHandler->oobGenerated(&local_address, &random, &confirm);
+    ControlBlock_t *cb = get_control_block(connection);
+    if (!cb) {
+        return;
+    }
+    eventHandler->oobGenerated(&cb->local_address, &random, &confirm);
+    _oob_local_random = random;
 }
 
 ////////////////////////////////////////////////////////////////////////////

features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h

@@ -302,19 +302,13 @@ public:
     );
 
     /**
-     * @see ::ble::pal::SecurityManager::secure_connections_oob_received
+     * @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply
      */
-    virtual ble_error_t secure_connections_oob_received(
+    virtual ble_error_t secure_connections_oob_request_reply(
-        const address_t &address,
+        connection_handle_t connection,
-        const oob_lesc_value_t &random,
+        const oob_lesc_value_t &local_random,
-        const oob_confirm_t &confirm
+        const oob_lesc_value_t &peer_random,
-    );
+        const oob_confirm_t &peer_confirm
-
-    /**
-     * @see ::ble::pal::SecurityManager::is_secure_connections_oob_present
-     */
-    virtual bool is_secure_connections_oob_present(
-        const address_t &address
     );
 
     // singleton of the ARM Cordio Security Manager

features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp

@@ -400,20 +400,15 @@ ble_error_t CordioSecurityManager::generate_secure_connections_oob(
     return BLE_ERROR_NOT_IMPLEMENTED;
 }
 
-ble_error_t CordioSecurityManager::secure_connections_oob_received(
+ble_error_t CordioSecurityManager::secure_connections_oob_request_reply(
-    const address_t &address,
+    connection_handle_t connection,
-    const oob_lesc_value_t &random,
+    const oob_lesc_value_t &local_random,
-    const oob_confirm_t &confirm
+    const oob_lesc_value_t &peer_random,
+    const oob_confirm_t &peer_confirm
 ) {
     return BLE_ERROR_NOT_IMPLEMENTED;
 }
 
-bool CordioSecurityManager::is_secure_connections_oob_present(
-    const address_t &address
-) {
-    return false;
-}
-
 CordioSecurityManager& CordioSecurityManager::get_security_manager()
 {
     static CordioSecurityManager _security_manager;