oob stored in generic and handed over to pal when requested

2018-03-16 14:48:04 +00:00 · 2018-03-16 14:48:04 +00:00 · 66867d4dd3
parent 1521dee773
commit 66867d4dd3
5 changed files with 82 additions and 56 deletions
--- a/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h
+++ b/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h
@ -439,6 +439,12 @@ private:
    pal::SecurityDb &_db;
    pal::ConnectionEventMonitor &_connection_monitor;

+    /* OOB data */
+    address_t _oob_peer_address;
+    oob_lesc_value_t _oob_peer_random;
+    oob_confirm_t _oob_peer_confirm;
+    oob_lesc_value_t _oob_local_random;
+
    pal::AuthenticationMask _default_authentication;
    pal::KeyDistribution _default_key_distribution;

@ -548,6 +554,12 @@ public:
        connection_handle_t connection
    );

+    /** @copydoc ble::pal::SecurityManager::on_secure_connections_oob_request
+     */
+    virtual void on_secure_connections_oob_request(
+        connection_handle_t connection
+    );
+
    /** @copydoc ble::pal::SecurityManager::on_legacy_pairing_oob_request
     */
    virtual void on_legacy_pairing_oob_request(
@ -557,7 +569,7 @@ public:
    /** @copydoc ble::pal::SecurityManager::on_secure_connections_oob_generated
     */
    virtual void on_secure_connections_oob_generated(
-        const address_t &local_address,
+        connection_handle_t connection,
        const oob_lesc_value_t &random,
        const oob_confirm_t &confirm
    );
--- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
+++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
@ -367,6 +367,17 @@ public:
            Keypress_t keypress
        ) = 0;

+        /**
+         * Request OOB data from the user application.
+         *
+         * @param[in] connection connection handle
+         * @note shall be followed by: pal::SecurityManager::secure_connections_oob_request_reply
+         * or a cancellation of the procedure.
+         */
+        virtual void on_secure_connections_oob_request(
+            connection_handle_t connection
+        ) = 0;
+
        /**
         * Request OOB data from the user application.
         *
@ -381,14 +392,14 @@ public:
        /**
         * Send OOB data to the application for transport to the peer.
         *
-         * @param[in] address address of the local device
+         * @param[in] connection connection handle
         * @param[in] random random number used to generate the confirmation
         * @param[in] confirm confirmation value to be use for authentication
         *                    in secure connections pairing
         * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
         */
        virtual void on_secure_connections_oob_generated(
-            const address_t &local_address,
+            connection_handle_t connection,
            const oob_lesc_value_t &random,
            const oob_confirm_t &confirm
        ) = 0;
@ -909,7 +920,24 @@ public:
    ) = 0;

    /**
-     * Reply to an oob data request received from the SecurityManagerEventHandler.
+     * Reply to a Secure Connections oob data request received from the SecurityManagerEventHandler.
+     *
+     * @param[in] connection connection handle
+     * @param[in] local_random local random number used for the last oob exchange
+     * @param[in] peer_random random number used to generate the confirmation on peer
+     * @param[in] peer_confirm confirmation value to be use for authentication
+     *                         in secure connections pairing
+     * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
+     */
+    virtual ble_error_t secure_connections_oob_request_reply(
+        connection_handle_t connection,
+        const oob_lesc_value_t &local_random,
+        const oob_lesc_value_t &peer_random,
+        const oob_confirm_t &peer_confirm
+    ) = 0;
+
+    /**
+     * Reply to a legacy pairing oob data request received from the SecurityManagerEventHandler.
     *
     * @param[in] connection connection handle
     * @param[in] oob_data pointer to out of band data
@ -955,32 +983,6 @@ public:
        connection_handle_t connection
    ) = 0;

-    /**
-     * Supply the stack with the OOB data for secure connections.
-     *
-     * @param[in] address address of the peer device this data comes from
-     * @param[in] random random number used to generate the confirmation
-     * @param[in] confirm confirmation value to be use for authentication
-     *                    in secure connections pairing
-     * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
-     */
-    virtual ble_error_t secure_connections_oob_received(
-        const address_t &address,
-        const oob_lesc_value_t &random,
-        const oob_confirm_t &confirm
-    ) = 0;
-
-    /**
-     * Supply the stack with the OOB data for secure connections.
-     *
-     * @param[in] address address of the peer device oob data is needed for
-     * @return True if oob data present, false if not or if the functionality
-     *         is not implemented.
-     */
-    virtual bool is_secure_connections_oob_present(
-        const address_t &address
-    ) = 0;
-
    /* Entry points for the underlying stack to report events back to the user. */
 public:
    /**
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@ -563,7 +563,10 @@ ble_error_t GenericSecurityManager::oobReceived(
    const oob_confirm_t *confirm
 ) {
    if (address && random && confirm) {
-        return _pal.secure_connections_oob_received(*address, *random, *confirm);
+        _oob_peer_address = *address;
+        _oob_peer_random = *random;
+        _oob_peer_confirm = *confirm;
+        return BLE_ERROR_NONE;
    }

    return BLE_ERROR_INVALID_PARAM;
@ -696,7 +699,7 @@ void GenericSecurityManager::update_oob_presence(connection_handle_t connection)
    cb->oob_present = cb->attempt_oob;

    if (_default_authentication.get_secure_connections()) {
-        cb->oob_present = _pal.is_secure_connections_oob_present(cb->peer_address);
+        cb->oob_present = (cb->peer_address == _oob_peer_address);
    }
 }

@ -944,17 +947,37 @@ void GenericSecurityManager::on_confirmation_request(connection_handle_t connect
    eventHandler->confirmationRequest(connection);
 }

+void GenericSecurityManager::on_secure_connections_oob_request(connection_handle_t connection) {
+    set_mitm_performed(connection);
+
+    ControlBlock_t *cb = get_control_block(connection);
+    if (!cb) {
+        return;
+    }
+
+    if (cb->peer_address == _oob_peer_address) {
+        _pal.secure_connections_oob_request_reply(connection, _oob_local_random, _oob_peer_random, _oob_peer_confirm);
+    } else {
+        _pal.cancel_pairing(connection, pairing_failure_t::OOB_NOT_AVAILABLE);
+    }
+}
+
 void GenericSecurityManager::on_legacy_pairing_oob_request(connection_handle_t connection) {
    set_mitm_performed(connection);
    eventHandler->legacyPairingOobRequest(connection);
 }

 void GenericSecurityManager::on_secure_connections_oob_generated(
-    const address_t &local_address,
+    connection_handle_t connection,
    const oob_lesc_value_t &random,
    const oob_confirm_t &confirm
 ) {
-    eventHandler->oobGenerated(&local_address, &random, &confirm);
+    ControlBlock_t *cb = get_control_block(connection);
+    if (!cb) {
+        return;
+    }
+    eventHandler->oobGenerated(&cb->local_address, &random, &confirm);
+    _oob_local_random = random;
 }

 ////////////////////////////////////////////////////////////////////////////
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
@ -302,19 +302,13 @@ public:
    );

    /**
-     * @see ::ble::pal::SecurityManager::secure_connections_oob_received
+     * @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply
     */
-    virtual ble_error_t secure_connections_oob_received(
-        const address_t &address,
-        const oob_lesc_value_t &random,
-        const oob_confirm_t &confirm
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::is_secure_connections_oob_present
-     */
-    virtual bool is_secure_connections_oob_present(
-        const address_t &address
+    virtual ble_error_t secure_connections_oob_request_reply(
+        connection_handle_t connection,
+        const oob_lesc_value_t &local_random,
+        const oob_lesc_value_t &peer_random,
+        const oob_confirm_t &peer_confirm
    );

    // singleton of the ARM Cordio Security Manager
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
@ -400,20 +400,15 @@ ble_error_t CordioSecurityManager::generate_secure_connections_oob(
    return BLE_ERROR_NOT_IMPLEMENTED;
 }

-ble_error_t CordioSecurityManager::secure_connections_oob_received(
-    const address_t &address,
-    const oob_lesc_value_t &random,
-    const oob_confirm_t &confirm
+ble_error_t CordioSecurityManager::secure_connections_oob_request_reply(
+    connection_handle_t connection,
+    const oob_lesc_value_t &local_random,
+    const oob_lesc_value_t &peer_random,
+    const oob_confirm_t &peer_confirm
 ) {
    return BLE_ERROR_NOT_IMPLEMENTED;
 }

-bool CordioSecurityManager::is_secure_connections_oob_present(
-    const address_t &address
-) {
-    return false;
-}
-
 CordioSecurityManager& CordioSecurityManager::get_security_manager()
 {
    static CordioSecurityManager _security_manager;