From 7f90c7c88950128fe91aace3760540324698846b Mon Sep 17 00:00:00 2001
From: paul-szczepanek-arm
 <33840200+paul-szczepanek-arm@users.noreply.github.com>
Date: Sun, 21 Jan 2018 18:26:35 +0000
Subject: [PATCH] signing enabling

---
 features/FEATURE_BLE/ble/SecurityManager.h    | 29 +++++++++++------
 .../source/generic/GenericSecurityManager.cpp | 32 +++++++++++++++++--
 2 files changed, 50 insertions(+), 11 deletions(-)

diff --git a/features/FEATURE_BLE/ble/SecurityManager.h b/features/FEATURE_BLE/ble/SecurityManager.h
index b789b9f600..1ed15f58fd 100644
--- a/features/FEATURE_BLE/ble/SecurityManager.h
+++ b/features/FEATURE_BLE/ble/SecurityManager.h
@@ -140,12 +140,6 @@ public:
             }
         }
 
-        virtual void signingKey(connection_handle_t handle, const csrk_t csrk, bool authenticated) {
-            (void)handle;
-            (void)csrk;
-            (void)authenticated;
-        }
-
         ////////////////////////////////////////////////////////////////////////////
         // Encryption
         //
@@ -184,6 +178,16 @@ public:
         virtual void oobRequest(connection_handle_t handle) {
             (void)handle;
         }
+
+        ////////////////////////////////////////////////////////////////////////////
+        // Keys
+        //
+
+        virtual void signingKey(connection_handle_t handle, const csrk_t csrk, bool authenticated) {
+            (void)handle;
+            (void)csrk;
+            (void)authenticated;
+        }
     };
 
 private:
@@ -262,13 +266,15 @@ public:
      *                           such as availability of a display or keyboard, to
      *                           support out-of-band exchanges of security data.
      * @param[in]  passkey       To specify a static passkey.
+     * @param[in]  signing       Generate and distribute signing key during pairing
      *
      * @return BLE_ERROR_NONE on success.
      */
     virtual ble_error_t init(bool                     enableBonding = true,
                              bool                     requireMITM   = true,
                              SecurityIOCapabilities_t iocaps        = IO_CAPS_NONE,
-                             const Passkey_t          passkey       = NULL) {
+                             const Passkey_t          passkey       = NULL,
+                             bool                     signing       = true) {
         /* Avoid compiler warnings about unused variables. */
         (void)enableBonding;
         (void)requireMITM;
@@ -431,13 +437,18 @@ public:
         return BLE_ERROR_NOT_IMPLEMENTED;
     }
 
+    virtual ble_error_t enableSigning(connection_handle_t handle, bool enabled = true) {
+        (void) enabled;
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+
     ////////////////////////////////////////////////////////////////////////////
     // Encryption
     //
 
-    virtual ble_error_t getLinkEncryption(Gap::Handle_t connectionHandle, link_encryption_t *securityStatus) {
+    virtual ble_error_t getLinkEncryption(Gap::Handle_t connectionHandle, link_encryption_t *encryption) {
         (void)connectionHandle;
-        (void)securityStatus;
+        (void)encryption;
         return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
     }
 
diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
index a2b6a5fcb5..03afbd53bb 100644
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@@ -57,6 +57,7 @@ struct SecurityEntry_t {
     uint8_t oob_mitm_protection:1;
     uint8_t secure_connections:1;
     uint8_t signing_key:1;
+    uint8_t encryption_key:1;
 };
 
 struct SecurityEntryKeys_t {
@@ -178,7 +179,8 @@ public:
         bool bondable = true,
         bool mitm     = true,
         SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
-        const Passkey_t passkey  = NULL
+        const Passkey_t passkey  = NULL,
+        bool signing = true
     ) {
         db.restore();
         pal.set_io_capability((io_capability_t::type) iocaps);
@@ -193,6 +195,8 @@ public:
         authentication.set_secure_connections(secure_connections);
         authentication.set_keypress_notification(true);
 
+        initiator_dist.set_signing(signing);
+
         return BLE_ERROR_NONE;
     }
 
@@ -273,6 +277,25 @@ public:
         return pal.get_secure_connections_support(*enabled);
     }
 
+    virtual ble_error_t enableSigning(connection_handle_t connection, bool enabled = true) {
+        SecurityEntry_t *entry = db.get_entry(connection);
+        if (!entry) {
+            return BLE_ERROR_INVALID_PARAM;
+        }
+        if (!entry->signing_key && enabled) {
+            KeyDistribution distribution = initiator_dist;
+            distribution.set_signing(enabled);
+            return pal.send_pairing_request(
+                connection,
+                entry->oob,
+                authentication,
+                distribution,
+                responder_dist
+            );
+        }
+        return BLE_ERROR_NONE;
+    }
+
     ////////////////////////////////////////////////////////////////////////////
     // Security settings
     //
@@ -306,7 +329,12 @@ public:
         connection_handle_t connection,
         SecurityMode_t securityMode
     ) {
-        return BLE_ERROR_NOT_IMPLEMENTED;
+        SecurityEntry_t *entry = db.get_entry(connection);
+        if (!entry) {
+            return BLE_ERROR_INVALID_PARAM;
+        }
+        entry->encryption_requested = true;
+        pal.enable_encryption(connection);
     }
 
     virtual ble_error_t setKeypressNotification(bool enabled = true) {