signing enabling

pull/6188/head
paul-szczepanek-arm 2018-01-21 18:26:35 +00:00
parent 467b36eaaf
commit 7f90c7c889
2 changed files with 50 additions and 11 deletions


@ -140,12 +140,6 @@ public:
} }
} }
virtual void signingKey(connection_handle_t handle, const csrk_t csrk, bool authenticated) {
(void)handle;
(void)csrk;
(void)authenticated;
}
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Encryption // Encryption
// //
@ -184,6 +178,16 @@ public:
virtual void oobRequest(connection_handle_t handle) { virtual void oobRequest(connection_handle_t handle) {
(void)handle; (void)handle;
} }
////////////////////////////////////////////////////////////////////////////
// Keys
//
virtual void signingKey(connection_handle_t handle, const csrk_t csrk, bool authenticated) {
(void)handle;
(void)csrk;
(void)authenticated;
}
}; };
private: private:
@ -262,13 +266,15 @@ public:
* such as availability of a display or keyboard, to * such as availability of a display or keyboard, to
* support out-of-band exchanges of security data. * support out-of-band exchanges of security data.
* @param[in] passkey To specify a static passkey. * @param[in] passkey To specify a static passkey.
* @param[in] signing Generate and distribute signing key during pairing
* *
* @return BLE_ERROR_NONE on success. * @return BLE_ERROR_NONE on success.
*/ */
virtual ble_error_t init(bool enableBonding = true, virtual ble_error_t init(bool enableBonding = true,
bool requireMITM = true, bool requireMITM = true,
SecurityIOCapabilities_t iocaps = IO_CAPS_NONE, SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
const Passkey_t passkey = NULL) { const Passkey_t passkey = NULL,
bool signing = true) {
/* Avoid compiler warnings about unused variables. */ /* Avoid compiler warnings about unused variables. */
(void)enableBonding; (void)enableBonding;
(void)requireMITM; (void)requireMITM;
@ -431,13 +437,18 @@ public:
return BLE_ERROR_NOT_IMPLEMENTED; return BLE_ERROR_NOT_IMPLEMENTED;
} }
virtual ble_error_t enableSigning(connection_handle_t handle, bool enabled = true) {
(void) enabled;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Encryption // Encryption
// //
virtual ble_error_t getLinkEncryption(Gap::Handle_t connectionHandle, link_encryption_t *securityStatus) { virtual ble_error_t getLinkEncryption(Gap::Handle_t connectionHandle, link_encryption_t *encryption) {
(void)connectionHandle; (void)connectionHandle;
(void)securityStatus; (void)encryption;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
} }
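Review bot: Adding `bool signing = true` to the virtual `init()` changes its signature, so any port that still declares the four-parameter `init(bool, bool, SecurityIOCapabilities_t, const Passkey_t)` no longer overrides it, and calls made through the base class would reach this base implementation instead of the port's. The second file in this commit is updated to match, but ports outside this commit are not visible here and would break silently, because nothing marks them as overrides. I would state this in the Doxygen block next to the new `@param[in] signing` line, e.g. `@note Ports that override init() must add the signing parameter to keep overriding this function.` Separately, the new base `enableSigning()` stub discards `enabled` but not `handle`; adding `(void)handle;` would match the other stubs in this class. The body of `init()` continues beyond the hunk.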


@ -57,6 +57,7 @@ struct SecurityEntry_t {
uint8_t oob_mitm_protection:1; uint8_t oob_mitm_protection:1;
uint8_t secure_connections:1; uint8_t secure_connections:1;
uint8_t signing_key:1; uint8_t signing_key:1;
uint8_t encryption_key:1;
}; };
struct SecurityEntryKeys_t { struct SecurityEntryKeys_t {
@ -178,7 +179,8 @@ public:
bool bondable = true, bool bondable = true,
bool mitm = true, bool mitm = true,
SecurityIOCapabilities_t iocaps = IO_CAPS_NONE, SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
const Passkey_t passkey = NULL const Passkey_t passkey = NULL,
bool signing = true
) { ) {
db.restore(); db.restore();
pal.set_io_capability((io_capability_t::type) iocaps); pal.set_io_capability((io_capability_t::type) iocaps);
@ -193,6 +195,8 @@ public:
authentication.set_secure_connections(secure_connections); authentication.set_secure_connections(secure_connections);
authentication.set_keypress_notification(true); authentication.set_keypress_notification(true);
initiator_dist.set_signing(signing);
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
@ -273,6 +277,25 @@ public:
return pal.get_secure_connections_support(*enabled); return pal.get_secure_connections_support(*enabled);
} }
virtual ble_error_t enableSigning(connection_handle_t connection, bool enabled = true) {
SecurityEntry_t *entry = db.get_entry(connection);
if (!entry) {
return BLE_ERROR_INVALID_PARAM;
}
if (!entry->signing_key && enabled) {
KeyDistribution distribution = initiator_dist;
distribution.set_signing(enabled);
return pal.send_pairing_request(
connection,
entry->oob,
authentication,
distribution,
responder_dist
);
}
return BLE_ERROR_NONE;
}
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Security settings // Security settings
// //
@ -306,7 +329,12 @@ public:
connection_handle_t connection, connection_handle_t connection,
SecurityMode_t securityMode SecurityMode_t securityMode
) { ) {
return BLE_ERROR_NOT_IMPLEMENTED; SecurityEntry_t *entry = db.get_entry(connection);
if (!entry) {
return BLE_ERROR_INVALID_PARAM;
}
entry->encryption_requested = true;
pal.enable_encryption(connection);
} }
virtual ble_error_t setKeypressNotification(bool enabled = true) { virtual ble_error_t setKeypressNotification(bool enabled = true) {
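Review bot: The new body in the last hunk (`@ -306,7 +329,12`) ends with `pal.enable_encryption(connection);` and no `return`, although the line it replaces returned `BLE_ERROR_NOT_IMPLEMENTED`; flowing off the end of a value-returning function is undefined behaviour, and the caller cannot tell whether encryption was actually started. Assuming `enable_encryption` returns `ble_error_t` like the other `pal` calls shown on this page, the last statement should be `return pal.enable_encryption(connection);`. The `securityMode` argument is also never read, so a caller asking for an authenticated mode is handled exactly like one asking for plain encryption; an explicit check, or at least `// TODO: securityMode is not enforced yet`, would make that gap visible. The function's signature starts above the hunk.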