signing enabling

2018-01-21 18:26:35 +00:00 · 2018-01-21 18:26:35 +00:00 · 7f90c7c889
parent 467b36eaaf
commit 7f90c7c889
2 changed files with 50 additions and 11 deletions
--- a/features/FEATURE_BLE/ble/SecurityManager.h
+++ b/features/FEATURE_BLE/ble/SecurityManager.h
@ -140,12 +140,6 @@ public:
            }
        }

-        virtual void signingKey(connection_handle_t handle, const csrk_t csrk, bool authenticated) {
-            (void)handle;
-            (void)csrk;
-            (void)authenticated;
-        }
-
        ////////////////////////////////////////////////////////////////////////////
        // Encryption
        //
@ -184,6 +178,16 @@ public:
        virtual void oobRequest(connection_handle_t handle) {
            (void)handle;
        }
+
+        ////////////////////////////////////////////////////////////////////////////
+        // Keys
+        //
+
+        virtual void signingKey(connection_handle_t handle, const csrk_t csrk, bool authenticated) {
+            (void)handle;
+            (void)csrk;
+            (void)authenticated;
+        }
    };

 private:
@ -262,13 +266,15 @@ public:
     *                           such as availability of a display or keyboard, to
     *                           support out-of-band exchanges of security data.
     * @param[in]  passkey       To specify a static passkey.
+     * @param[in]  signing       Generate and distribute signing key during pairing
     *
     * @return BLE_ERROR_NONE on success.
     */
    virtual ble_error_t init(bool                     enableBonding = true,
                             bool                     requireMITM   = true,
                             SecurityIOCapabilities_t iocaps        = IO_CAPS_NONE,
-                             const Passkey_t          passkey       = NULL) {
+                             const Passkey_t          passkey       = NULL,
+                             bool                     signing       = true) {
        /* Avoid compiler warnings about unused variables. */
        (void)enableBonding;
        (void)requireMITM;
@ -431,13 +437,18 @@ public:
        return BLE_ERROR_NOT_IMPLEMENTED;
    }

+    virtual ble_error_t enableSigning(connection_handle_t handle, bool enabled = true) {
+        (void) enabled;
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+
    ////////////////////////////////////////////////////////////////////////////
    // Encryption
    //

-    virtual ble_error_t getLinkEncryption(Gap::Handle_t connectionHandle, link_encryption_t *securityStatus) {
+    virtual ble_error_t getLinkEncryption(Gap::Handle_t connectionHandle, link_encryption_t *encryption) {
        (void)connectionHandle;
-        (void)securityStatus;
+        (void)encryption;
        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
    }

--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@ -57,6 +57,7 @@ struct SecurityEntry_t {
    uint8_t oob_mitm_protection:1;
    uint8_t secure_connections:1;
    uint8_t signing_key:1;
+    uint8_t encryption_key:1;
 };

 struct SecurityEntryKeys_t {
@ -178,7 +179,8 @@ public:
        bool bondable = true,
        bool mitm     = true,
        SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
-        const Passkey_t passkey  = NULL
+        const Passkey_t passkey  = NULL,
+        bool signing = true
    ) {
        db.restore();
        pal.set_io_capability((io_capability_t::type) iocaps);
@ -193,6 +195,8 @@ public:
        authentication.set_secure_connections(secure_connections);
        authentication.set_keypress_notification(true);

+        initiator_dist.set_signing(signing);
+
        return BLE_ERROR_NONE;
    }

@ -273,6 +277,25 @@ public:
        return pal.get_secure_connections_support(*enabled);
    }

+    virtual ble_error_t enableSigning(connection_handle_t connection, bool enabled = true) {
+        SecurityEntry_t *entry = db.get_entry(connection);
+        if (!entry) {
+            return BLE_ERROR_INVALID_PARAM;
+        }
+        if (!entry->signing_key && enabled) {
+            KeyDistribution distribution = initiator_dist;
+            distribution.set_signing(enabled);
+            return pal.send_pairing_request(
+                connection,
+                entry->oob,
+                authentication,
+                distribution,
+                responder_dist
+            );
+        }
+        return BLE_ERROR_NONE;
+    }
+
    ////////////////////////////////////////////////////////////////////////////
    // Security settings
    //
@ -306,7 +329,12 @@ public:
        connection_handle_t connection,
        SecurityMode_t securityMode
    ) {
-        return BLE_ERROR_NOT_IMPLEMENTED;
+        SecurityEntry_t *entry = db.get_entry(connection);
+        if (!entry) {
+            return BLE_ERROR_INVALID_PARAM;
+        }
+        entry->encryption_requested = true;
+        pal.enable_encryption(connection);
    }

    virtual ble_error_t setKeypressNotification(bool enabled = true) {