generate oob at will and without passing in connection handle

2018-03-23 18:31:27 +00:00 · 2018-03-23 18:31:27 +00:00 · 98efb9da06
parent d7595803d0
commit 98efb9da06
6 changed files with 58 additions and 27 deletions
--- a/features/FEATURE_BLE/ble/SecurityManager.h
+++ b/features/FEATURE_BLE/ble/SecurityManager.h
@ -735,9 +735,23 @@ public:
    // MITM
    //

+    /**
+     * Generate OOB data with the given address. If Secure Connections is supported this will
+     * also generate Secure Connections OOB data on top of legacy pairing OOB data. This can be used
+     * to generate such data before any connections take place.
+     *
+     * @param[in] address The local address you will use in the connection using this OOB data.
+     * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
+     */
+    virtual ble_error_t generateOOB(const ble::address_t *address) {
+        /* Avoid compiler warnings about unused variables */
+        (void) address;
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+
    /**
     * Enable OOB data usage during paring. If Secure Connections is supported enabling useOOB will
-     * generate Secure Connections OOB data through oobGenerated().
+     * generate Secure Connections OOB data through oobGenerated() on top of legacy pairing OOB data.
     *
     * @param[in] connectionHandle Handle to identify the connection.
     * @param[in] useOOB If set to true, authenticate using OOB data.
--- a/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h
+++ b/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h
@ -192,6 +192,10 @@ public:
    // MITM
    //

+    virtual ble_error_t generateOOB(
+        const address_t *address
+    );
+
    virtual ble_error_t setOOBDataUsage(
        connection_handle_t connection,
        bool useOOB,
@ -441,6 +445,7 @@ private:
    pal::ConnectionEventMonitor &_connection_monitor;

    /* OOB data */
+    address_t _oob_local_address;
    address_t _oob_peer_address;
    oob_lesc_value_t _oob_peer_random;
    oob_confirm_t _oob_peer_confirm;
@ -572,7 +577,6 @@ public:
    /** @copydoc ble::pal::SecurityManager::on_secure_connections_oob_generated
     */
    virtual void on_secure_connections_oob_generated(
-        connection_handle_t connection,
        const oob_lesc_value_t &random,
        const oob_confirm_t &confirm
    );
--- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
+++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
@ -399,7 +399,6 @@ public:
         * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
         */
        virtual void on_secure_connections_oob_generated(
-            connection_handle_t connection,
            const oob_lesc_value_t &random,
            const oob_confirm_t &confirm
        ) = 0;
@ -975,13 +974,9 @@ public:
    ) = 0;

    /**
-     * Generate local OOB data to be sent to the application which sends it to the peer.
-     *
-     * @param[in] connectionHandle Handle to identify the connection.
+     * Generate local OOB data to be sent to the application which sends it to the peer.p
     */
-    virtual ble_error_t generate_secure_connections_oob(
-        connection_handle_t connection
-    ) = 0;
+    virtual ble_error_t generate_secure_connections_oob() = 0;

    /* Entry points for the underlying stack to report events back to the user. */
 public:
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@ -500,6 +500,25 @@ ble_error_t GenericSecurityManager::requestAuthentication(connection_handle_t co
 // MITM
 //

+ble_error_t GenericSecurityManager::generateOOB(
+    const address_t *address
+) {
+    /* legacy pairing */
+    _oob_temporary_key_creator_address = *address;
+    get_random_data(_oob_temporary_key.buffer(), 16);
+
+    eventHandler->legacyPairingOobGenerated(
+        &_oob_temporary_key_creator_address,
+        &_oob_temporary_key
+    );
+
+    /* secure connections */
+    _oob_local_address = *address;
+    _pal.generate_secure_connections_oob();
+
+    return BLE_ERROR_NONE;
+}
+
 ble_error_t GenericSecurityManager::setOOBDataUsage(
    connection_handle_t connection,
    bool useOOB,
@ -513,6 +532,7 @@ ble_error_t GenericSecurityManager::setOOBDataUsage(
    cb->attempt_oob = useOOB;
    cb->oob_mitm_protection = OOBProvidesMITM;

+    /* legacy pairing */
    _oob_temporary_key_creator_address = cb->local_address;
    get_random_data(_oob_temporary_key.buffer(), 16);

@ -521,7 +541,9 @@ ble_error_t GenericSecurityManager::setOOBDataUsage(
        &_oob_temporary_key
    );

-    _pal.generate_secure_connections_oob(connection);
+    /* secure connections */
+    _oob_local_address = cb->local_address;
+    _pal.generate_secure_connections_oob();

    return BLE_ERROR_NONE;
 }
@ -714,13 +736,18 @@ void GenericSecurityManager::update_oob_presence(connection_handle_t connection)
        return;
    }

-    /* only update the oob state if we support secure connections,
-     * otherwise follow the user set preference for providing legacy
-     * pairing oob data */
-    cb->oob_present = cb->attempt_oob;
-
+    /* if we support secure connection we only care about secure connections oob data */
    if (_default_authentication.get_secure_connections()) {
        cb->oob_present = (cb->peer_address == _oob_peer_address);
+    } else {
+        /* otherwise for legacy pairing we first set the oob based on set preference */
+        cb->oob_present = cb->attempt_oob;
+
+        /* and also turn it on if we have oob data for legacy pairing */
+        if (cb->peer_address == _oob_temporary_key_creator_address
+            || cb->local_address == _oob_temporary_key_creator_address) {
+            cb->oob_present = true;
+        }
    }
 }

@ -1016,15 +1043,10 @@ void GenericSecurityManager::on_legacy_pairing_oob_request(connection_handle_t c
 }

 void GenericSecurityManager::on_secure_connections_oob_generated(
-    connection_handle_t connection,
    const oob_lesc_value_t &random,
    const oob_confirm_t &confirm
 ) {
-    ControlBlock_t *cb = get_control_block(connection);
-    if (!cb) {
-        return;
-    }
-    eventHandler->oobGenerated(&cb->local_address, &random, &confirm);
+    eventHandler->oobGenerated(&_oob_local_address, &random, &confirm);
    _oob_local_random = random;
 }

--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
@ -297,9 +297,7 @@ public:
    /**
     * @see ::ble::pal::SecurityManager::generate_secure_connections_oob
     */
-    virtual ble_error_t generate_secure_connections_oob(
-        connection_handle_t connection
-    );
+    virtual ble_error_t generate_secure_connections_oob();

    /**
     * @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
@ -394,9 +394,7 @@ ble_error_t CordioSecurityManager::send_keypress_notification(
    return BLE_ERROR_NONE;
 }

-ble_error_t CordioSecurityManager::generate_secure_connections_oob(
-    connection_handle_t connection
-) {
+ble_error_t CordioSecurityManager::generate_secure_connections_oob() {
    return BLE_ERROR_NOT_IMPLEMENTED;
 }