ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #10 from pan-/palsm-orig 

Cordio PAL SM alignement
pull/6188/head
Paul Szczepanek 2018-01-19 14:46:33 +00:00 committed by GitHub
parent 49e1fc3932 818ec8c8ec
commit 9082065403
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 145 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
features/FEATURE_BLE/ble/pal/PalSecurityManager.h
View File

@ -39,8 +39,8 @@ typedef uint8_t oob_data_t[16];
typedef uint8_t irk_t[16]; typedef uint8_t irk_t[16];
typedef uint8_t csrk_t[16]; typedef uint8_t csrk_t[16];
typedef uint8_t ltk_t[16]; typedef uint8_t ltk_t[16];
typedef uint8_t ediv_t[8]; typedef uint8_t ediv_t[2];
typedef uint8_t rand_t[2]; typedef uint8_t rand_t[8];
typedef uint8_t random_data_t[8]; typedef uint8_t random_data_t[8];
typedef uint32_t passkey_num_t; typedef uint32_t passkey_num_t;

44
features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
View File

@ -66,8 +66,8 @@ public:
virtual ble_error_t add_device_to_resolving_list( virtual ble_error_t add_device_to_resolving_list(
advertising_peer_address_type_t peer_identity_address_type, advertising_peer_address_type_t peer_identity_address_type,
address_t peer_identity_address, address_t peer_identity_address,
irk_t peer_irk, const irk_t peer_irk,
irk_t local_irk const irk_t local_irk
); );
/** /**
@ -75,7 +75,7 @@ public:
*/ */
virtual ble_error_t remove_device_from_resolving_list( virtual ble_error_t remove_device_from_resolving_list(
advertising_peer_address_type_t peer_identity_address_type, advertising_peer_address_type_t peer_identity_address_type,
address_t peer_identity_address const address_t& peer_identity_address
); );
/** /**
@ -168,17 +168,17 @@ public:
/** /**
* @see ::ble::pal::SecurityManager::set_ltk * @see ::ble::pal::SecurityManager::set_ltk
*/ */
virtual ble_error_t set_ltk(connection_handle_t connection, ltk_t ltk); virtual ble_error_t set_ltk(connection_handle_t connection, const ltk_t ltk);
/** /**
* @see ::ble::pal::SecurityManager::set_irk * @see ::ble::pal::SecurityManager::set_irk
*/ */
virtual ble_error_t set_irk(const irk_t& irk); virtual ble_error_t set_irk(const irk_t irk);
/** /**
* @see ::ble::pal::SecurityManager::set_csrk * @see ::ble::pal::SecurityManager::set_csrk
*/ */
virtual ble_error_t set_csrk(const csrk_t& csrk); virtual ble_error_t set_csrk(const csrk_t csrk);
/** /**
* @see ::ble::pal::SecurityManager::generate_irk * @see ::ble::pal::SecurityManager::generate_irk
@ -190,6 +190,28 @@ public:
*/ */
virtual ble_error_t generate_csrk(); virtual ble_error_t generate_csrk();
////////////////////////////////////////////////////////////////////////////
// Global parameters
//
/**
* @see ::ble::pal::SecurityManager::set_display_passkey
*/
virtual ble_error_t set_display_passkey(const passkey_num_t passkey);
/**
* @see ::ble::pal::SecurityManager::set_io_capability
*/
virtual ble_error_t set_io_capability(io_capability_t io_capability);
/**
* @see ::ble::pal::SecurityManager::set_encryption_key_requirements
*/
virtual ble_error_t set_encryption_key_requirements(
uint8_t min_encryption_key_size,
uint8_t max_encryption_key_size
);
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Authentication // Authentication
// //
@ -199,10 +221,8 @@ public:
*/ */
virtual ble_error_t send_pairing_request( virtual ble_error_t send_pairing_request(
connection_handle_t connection, connection_handle_t connection,
io_capability_t io_capability,
bool oob_data_flag, bool oob_data_flag,
AuthenticationMask authentication_requirements, AuthenticationMask authentication_requirements,
uint8_t maximum_encryption_key_size,
KeyDistribution initiator_dist, KeyDistribution initiator_dist,
KeyDistribution responder_dist KeyDistribution responder_dist
); );
@ -212,10 +232,8 @@ public:
*/ */
virtual ble_error_t send_pairing_response( virtual ble_error_t send_pairing_response(
connection_handle_t connection, connection_handle_t connection,
io_capability_t io_capability,
bool oob_data_flag, bool oob_data_flag,
AuthenticationMask authentication_requirements, AuthenticationMask authentication_requirements,
uint8_t maximum_encryption_key_size,
KeyDistribution initiator_dist, KeyDistribution initiator_dist,
KeyDistribution responder_dist KeyDistribution responder_dist
); );
@ -252,7 +270,7 @@ public:
* @see ::ble::pal::SecurityManager::oob_data_request_reply * @see ::ble::pal::SecurityManager::oob_data_request_reply
*/ */
virtual ble_error_t oob_data_request_reply( virtual ble_error_t oob_data_request_reply(
connection_handle_t connection, const oob_data_t& oob_data connection_handle_t connection, const oob_data_t oob_data
); );
/** /**
@ -274,6 +292,10 @@ public:
// Event handler // Event handler
static bool sm_handler(const wsfMsgHdr_t* msg); static bool sm_handler(const wsfMsgHdr_t* msg);
private:
bool _use_default_passkey;
passkey_num_t _default_passkey;
}; };
} // cordio } // cordio

162
features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
View File

@ -24,7 +24,10 @@ namespace pal {
namespace vendor { namespace vendor {
namespace cordio { namespace cordio {
CordioSecurityManager::CordioSecurityManager() : ::ble::pal::SecurityManager() CordioSecurityManager::CordioSecurityManager() :
::ble::pal::SecurityManager(),
_use_default_passkey(false),
_default_passkey(0)
{ {
} }
@ -66,15 +69,15 @@ uint8_t CordioSecurityManager::read_resolving_list_capacity()
ble_error_t CordioSecurityManager::add_device_to_resolving_list( ble_error_t CordioSecurityManager::add_device_to_resolving_list(
advertising_peer_address_type_t peer_identity_address_type, advertising_peer_address_type_t peer_identity_address_type,
address_t peer_identity_address, address_t peer_identity_address,
irk_t peer_irk, const irk_t peer_irk,
irk_t local_irk const irk_t local_irk
) { ) {
return BLE_ERROR_NOT_IMPLEMENTED; return BLE_ERROR_NOT_IMPLEMENTED;
} }
ble_error_t CordioSecurityManager::remove_device_from_resolving_list( ble_error_t CordioSecurityManager::remove_device_from_resolving_list(
advertising_peer_address_type_t peer_identity_address_type, advertising_peer_address_type_t peer_identity_address_type,
address_t peer_identity_address const address_t& peer_identity_address
) { ) {
return BLE_ERROR_NOT_IMPLEMENTED; return BLE_ERROR_NOT_IMPLEMENTED;
} }
@ -163,18 +166,18 @@ ble_error_t CordioSecurityManager::set_private_address_timeout(
// //
ble_error_t CordioSecurityManager::set_ltk( ble_error_t CordioSecurityManager::set_ltk(
connection_handle_t connection, ltk_t ltk connection_handle_t connection, const ltk_t ltk
) { ) {
return BLE_ERROR_NOT_IMPLEMENTED; return BLE_ERROR_NOT_IMPLEMENTED;
} }
ble_error_t CordioSecurityManager::set_irk(const irk_t& irk) ble_error_t CordioSecurityManager::set_irk(const irk_t irk)
{ {
DmSecSetLocalIrk(const_cast<uint8_t*>(irk)); DmSecSetLocalIrk(const_cast<uint8_t*>(irk));
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
ble_error_t CordioSecurityManager::set_csrk(const csrk_t& csrk) ble_error_t CordioSecurityManager::set_csrk(const csrk_t csrk)
{ {
DmSecSetLocalCsrk(const_cast<uint8_t*>(csrk)); DmSecSetLocalCsrk(const_cast<uint8_t*>(csrk));
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
@ -190,27 +193,54 @@ ble_error_t CordioSecurityManager::generate_csrk()
return BLE_ERROR_NOT_IMPLEMENTED; return BLE_ERROR_NOT_IMPLEMENTED;
} }
////////////////////////////////////////////////////////////////////////////
// Global parameters
//
ble_error_t CordioSecurityManager::set_display_passkey(const passkey_num_t passkey)
{
if (passkey) {
_use_default_passkey = true;
_default_passkey = passkey;
} else {
_use_default_passkey = false;
}
return BLE_ERROR_NONE;
}
ble_error_t CordioSecurityManager::set_io_capability(io_capability_t io_capability)
{
pSmpCfg->auth = io_capability.value();
return BLE_ERROR_NONE;
}
ble_error_t CordioSecurityManager::set_encryption_key_requirements(
uint8_t min_encryption_key_size,
uint8_t max_encryption_key_size
) {
if ((min_encryption_key_size < 7) || (min_encryption_key_size > 16) ||
(min_encryption_key_size > max_encryption_key_size)) {
return BLE_ERROR_INVALID_PARAM;
}
pSmpCfg->minKeyLen = min_encryption_key_size;
pSmpCfg->maxKeyLen = max_encryption_key_size;
return BLE_ERROR_NONE;
}
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Authentication // Authentication
// //
ble_error_t CordioSecurityManager::send_pairing_request( ble_error_t CordioSecurityManager::send_pairing_request(
connection_handle_t connection, connection_handle_t connection,
io_capability_t io_capability,
bool oob_data_flag, bool oob_data_flag,
AuthenticationMask authentication_requirements, AuthenticationMask authentication_requirements,
uint8_t maximum_encryption_key_size,
KeyDistribution initiator_dist, KeyDistribution initiator_dist,
KeyDistribution responder_dist KeyDistribution responder_dist
) { ) {
if ((maximum_encryption_key_size > 16) ||
(maximum_encryption_key_size < pSmpCfg->minKeyLen)) {
return BLE_ERROR_INVALID_PARAM;
}
pSmpCfg->maxKeyLen = maximum_encryption_key_size;
pSmpCfg->ioCap = io_capability.value();
DmSecPairReq( DmSecPairReq(
connection, connection,
oob_data_flag, oob_data_flag,
@ -224,22 +254,11 @@ ble_error_t CordioSecurityManager::send_pairing_request(
ble_error_t CordioSecurityManager::send_pairing_response( ble_error_t CordioSecurityManager::send_pairing_response(
connection_handle_t connection, connection_handle_t connection,
io_capability_t io_capability,
bool oob_data_flag, bool oob_data_flag,
AuthenticationMask authentication_requirements, AuthenticationMask authentication_requirements,
uint8_t maximum_encryption_key_size,
KeyDistribution initiator_dist, KeyDistribution initiator_dist,
KeyDistribution responder_dist KeyDistribution responder_dist
) { ) {
if ((maximum_encryption_key_size > 16) ||
(maximum_encryption_key_size < pSmpCfg->minKeyLen)) {
return BLE_ERROR_INVALID_PARAM;
}
pSmpCfg->maxKeyLen = maximum_encryption_key_size;
pSmpCfg->ioCap = io_capability.value();
DmSecPairRsp( DmSecPairRsp(
connection, connection,
oob_data_flag, oob_data_flag,
@ -285,7 +304,7 @@ ble_error_t CordioSecurityManager::passkey_request_reply(
} }
ble_error_t CordioSecurityManager::oob_data_request_reply( ble_error_t CordioSecurityManager::oob_data_request_reply(
connection_handle_t connection, const oob_data_t& oob_data connection_handle_t connection, const oob_data_t oob_data
) { ) {
DmSecAuthRsp( DmSecAuthRsp(
connection, connection,
@ -323,47 +342,80 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
} }
switch (msg->event) { switch (msg->event) {
case DM_SEC_PAIR_CMPL_IND: case DM_SEC_PAIR_CMPL_IND: {
// TODO dmSecPairCmplIndEvt_t* evt = (dmSecPairCmplIndEvt_t*) msg;
// Note: authentication and bonding flags present in the auth field
handler->on_pairing_completed(evt->hdr.param);
return true; return true;
}
case DM_SEC_PAIR_FAIL_IND: { case DM_SEC_PAIR_FAIL_IND: {
connection_handle_t connection = msg->param;
uint8_t status = msg->status; uint8_t status = msg->status;
if (status >= pairing_failure_t::PASSKEY_ENTRY_FAILED && if (status >= pairing_failure_t::PASSKEY_ENTRY_FAILED &&
status <= pairing_failure_t::CROSS_TRANSPORT_KEY_DERIVATION_OR_GENERATION_NOT_ALLOWED) { status <= pairing_failure_t::CROSS_TRANSPORT_KEY_DERIVATION_OR_GENERATION_NOT_ALLOWED) {
handler->on_pairing_error( handler->on_pairing_error(
msg->param, connection,
(pairing_failure_t::type) msg->status (pairing_failure_t::type) status
); );
} else if (status == SMP_ERR_MEMORY) { } else if (status == SMP_ERR_MEMORY) {
// FIXME: report to user // note: report the error as an unspecified error
handler->on_pairing_error(
connection,
pairing_failure_t::UNSPECIFIED_REASON
);
} else if (msg->status == SMP_ERR_TIMEOUT) { } else if (msg->status == SMP_ERR_TIMEOUT) {
// FIXME: forward to timeout handler handler->on_pairing_timed_out(connection);
} else { } else {
// TODO: log error // note: report the error as an unspecified error
handler->on_pairing_error(
connection,
pairing_failure_t::UNSPECIFIED_REASON
);
} }
return true; return true;
} }
case DM_SEC_ENCRYPT_IND: case DM_SEC_ENCRYPT_IND: {
// TODO: Indicate link encryption dmSecEncryptIndEvt_t* evt = (dmSecEncryptIndEvt_t*) msg;
// note: the field usingLtk of the message indicates if an LTK was
// used to encrypt the link
handler->on_link_encryption_result(evt->hdr.param, true);
return true; return true;
}
case DM_SEC_ENCRYPT_FAIL_IND: case DM_SEC_ENCRYPT_FAIL_IND: {
// TODO: indicate link encryption failure // note: msg->status contains the encryption failure status
handler->on_link_encryption_result(msg->param, false);
return true; return true;
}
case DM_SEC_AUTH_REQ_IND: { case DM_SEC_AUTH_REQ_IND: {
dmSecAuthReqIndEvt_t* evt = (dmSecAuthReqIndEvt_t*) msg; dmSecAuthReqIndEvt_t* evt = (dmSecAuthReqIndEvt_t*) msg;
connection_handle_t connection = evt->hdr.param; connection_handle_t connection = evt->hdr.param;
if (evt->oob) { if (evt->oob) {
handler->on_oob_data_request(connection); handler->on_oob_request(connection);
} else if (evt->display) { } else if (evt->display) {
// FIXME: generate the passkey to display or query the default one if (get_security_manager()._use_default_passkey) {
passkey_num_t passkey; handler->on_passkey_display(
connection,
get_security_manager()._default_passkey
);
DmSecAuthRsp(
connection,
3,
reinterpret_cast<uint8_t*>(&(get_security_manager()._default_passkey))
);
} else {
// FIXME: generate a random passkey
passkey_num_t passkey = 0x00654321;
handler->on_passkey_display(connection, passkey); handler->on_passkey_display(connection, passkey);
DmSecAuthRsp(connection, 3, reinterpret_cast<uint8_t*>(&passkey)); DmSecAuthRsp(
connection, 3, reinterpret_cast<uint8_t*>(&passkey)
);
}
} else { } else {
handler->on_passkey_request(connection); handler->on_passkey_request(connection);
} }
@ -382,21 +434,25 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
case DM_KEY_PEER_LTK: case DM_KEY_PEER_LTK:
handler->on_keys_distributed_ltk(connection, evt->keyData.ltk.key); handler->on_keys_distributed_ltk(connection, evt->keyData.ltk.key);
handler->on_keys_distributed_ediv_rand( handler->on_keys_distributed_ediv_rand(
connection, evt->keyData.ltk.ediv, evt->keyData.ltk.rand connection,
reinterpret_cast<uint8_t*>(evt->keyData.ltk.ediv),
evt->keyData.ltk.rand
); );
break; break;
case DM_KEY_IRK: case DM_KEY_IRK:
handler->on_keys_distributed_bdaddr( handler->on_keys_distributed_bdaddr(
connection, connection,
evt->keyData.irk.addrType, (advertising_peer_address_type_t::type) evt->keyData.irk.addrType,
evt->keyData.irk.bdAddr evt->keyData.irk.bdAddr
); );
handler->on_keys_distributed_irk(connection, evt->keyData.irk.key); handler->on_keys_distributed_irk(connection, evt->keyData.irk.key);
break; break;
case DM_KEY_CSRK: case DM_KEY_CSRK:
handler->on_keys_distributed_csrk(connection, evt->keyData.csrk); handler->on_keys_distributed_csrk(
connection, evt->keyData.csrk.key
);
break; break;
} }
@ -409,7 +465,7 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
hciLeLtkReqEvt_t* evt = (hciLeLtkReqEvt_t*) msg; hciLeLtkReqEvt_t* evt = (hciLeLtkReqEvt_t*) msg;
handler->on_ltk_request( handler->on_ltk_request(
evt->hdr.param, evt->hdr.param,
evt->encDiversifier, reinterpret_cast<uint8_t*>(&evt->encDiversifier),
evt->randNum evt->randNum
); );
return true; return true;
@ -418,14 +474,12 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
case DM_SEC_PAIR_IND: { case DM_SEC_PAIR_IND: {
dmSecPairIndEvt_t* evt = (dmSecPairIndEvt_t*) msg; dmSecPairIndEvt_t* evt = (dmSecPairIndEvt_t*) msg;
handler->on_pairing_request( handler->on_pairing_request(
evt->hdr.param, /* connection */ evt->hdr.param,
0, // io capability missing,
evt->oob, evt->oob,
evt->auth, evt->auth,
0, // FIXME: maximum encryption key size missing
evt->iKeyDist, evt->iKeyDist,
evt->rKeyDist evt->rKeyDist
) ; );
return true; return true;
} }
@ -443,8 +497,10 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
case DM_SEC_KEYPRESS_IND: case DM_SEC_KEYPRESS_IND:
return true; return true;
}
default:
return false;
}
} }