pass in information about the mitm and sc quality of the ltk to the pal

2018-02-28 12:02:54 +00:00 · 2018-02-28 12:02:54 +00:00 · c52d324dab
parent abcc5db44b
commit c52d324dab
4 changed files with 33 additions and 13 deletions
--- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
+++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
@ -766,13 +766,15 @@ public:
     * @param[in] ltk long term key from the peer
     * @param[in] ediv encryption diversifier from the peer
     * @param[in] rand random value from the peer
+     * @param[in] mitm does the LTK have man in the middle protection
     * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
     */
    virtual ble_error_t enable_encryption(
        connection_handle_t connection,
        const ltk_t &ltk,
        const rand_t &rand,
-        const ediv_t &ediv
+        const ediv_t &ediv,
+        bool mitm
    ) = 0;

    /**
@ -781,11 +783,13 @@ public:
     *
     * @param[in] connection connection handle
     * @param[in] ltk long term key from the peer
+     * @param[in] mitm does the LTK have man in the middle protection
     * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
     */
    virtual ble_error_t enable_encryption(
        connection_handle_t connection,
-        const ltk_t &ltk
+        const ltk_t &ltk,
+        bool mitm
    ) = 0;

    virtual ble_error_t disable_encryption(
@ -834,11 +838,15 @@ public:
     *
     * @param[in] connection connection handle
     * @param[in] ltk long term key
+     * @param[in] mitm does the LTK have man in the middle protection
+     * @param[in] secure_connections is this a secure_connections pairing
     * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
     */
    virtual ble_error_t set_ltk(
        connection_handle_t connection,
-        const ltk_t &ltk
+        const ltk_t &ltk,
+        bool mitm,
+        bool secure_connections
    ) = 0;

    /**
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@ -654,9 +654,9 @@ void GenericSecurityManager::enable_encryption_cb(

    if (cb && entryKeys) {
        if (cb->secure_connections_paired) {
-            _pal.enable_encryption(cb->connection, entryKeys->ltk);
+            _pal.enable_encryption(cb->connection, entryKeys->ltk, cb->ltk_mitm_protected);
        } else {
-            _pal.enable_encryption(cb->connection, entryKeys->ltk, entryKeys->rand, entryKeys->ediv);
+            _pal.enable_encryption(cb->connection, entryKeys->ltk, entryKeys->rand, entryKeys->ediv, cb->ltk_mitm_protected);
        }
    }
 }
@ -669,7 +669,7 @@ void GenericSecurityManager::set_ltk_cb(

    if (cb) {
        if (entryKeys) {
-            _pal.set_ltk(cb->connection, entryKeys->ltk);
+            _pal.set_ltk(cb->connection, entryKeys->ltk, cb->ltk_mitm_protected, cb->secure_connections_paired);
        } else {
            _pal.set_ltk_not_found(cb->connection);
        }
@ -1206,8 +1206,8 @@ void GenericSecurityManager::on_ltk_request(
 GenericSecurityManager::ControlBlock_t::ControlBlock_t() :
    pal::SecurityDistributionFlags_t(),
    connection(0),
-    local_address(),
    db_entry(0),
+    local_address(),
    connected(false),
    authenticated(false),
    is_master(false),
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
@ -134,7 +134,8 @@ public:
        connection_handle_t connection,
        const ltk_t &ltk,
        const rand_t &rand,
-        const ediv_t &ediv
+        const ediv_t &ediv,
+        bool mitm
    );

    /**
@ -142,7 +143,8 @@ public:
     */
    virtual ble_error_t enable_encryption(
        connection_handle_t connection,
-        const ltk_t &ltk
+        const ltk_t &ltk,
+        bool mitm
    );

    /**
@ -188,7 +190,12 @@ public:
    /**
     * @see ::ble::pal::SecurityManager::set_ltk
     */
-    virtual ble_error_t set_ltk(connection_handle_t connection, const ltk_t &ltk);
+    virtual ble_error_t set_ltk(
+        connection_handle_t connection,
+        const ltk_t &ltk,
+        bool mitm,
+        bool secure_connections
+    );

    /**
     * @see ::ble::pal::SecurityManager::set_ltk_not_found
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
@ -134,7 +134,8 @@ ble_error_t CordioSecurityManager::enable_encryption(
    connection_handle_t connection,
    const ltk_t &ltk,
    const rand_t &rand,
-    const ediv_t &ediv
+    const ediv_t &ediv,
+    bool mitm
 ) {
    dmSecLtk_t sec_ltk;
    memcpy(sec_ltk.key, ltk.data(), ltk.size());
@ -152,7 +153,8 @@ ble_error_t CordioSecurityManager::enable_encryption(

 ble_error_t CordioSecurityManager::enable_encryption(
    connection_handle_t connection,
-    const ltk_t &ltk
+    const ltk_t &ltk,
+    bool mitm
 ) {
    dmSecLtk_t sec_ltk = { 0 };
    memcpy(sec_ltk.key, ltk.data(), ltk.size());
@ -207,7 +209,10 @@ ble_error_t CordioSecurityManager::set_private_address_timeout(
 //

 ble_error_t CordioSecurityManager::set_ltk(
-    connection_handle_t connection, const ltk_t& ltk
+    connection_handle_t connection,
+    const ltk_t& ltk,
+    bool mitm,
+    bool secure_connections
 ) {
    // FIXME: get access to the security level of a key
    DmSecLtkRsp(