diff --git a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
index 3abe4cb5c9..948e64f4c8 100644
--- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
+++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
@@ -766,13 +766,15 @@ public:
 * @param[in] ltk long term key from the peer
 * @param[in] ediv encryption diversifier from the peer
 * @param[in] rand random value from the peer
+ * @param[in] mitm does the LTK have man in the middle protection
 * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
 */
 virtual ble_error_t enable_encryption(
 connection_handle_t connection,
 const ltk_t <k,
 const rand_t &rand,
- const ediv_t &ediv
+ const ediv_t &ediv,
+ bool mitm
 ) = 0;
 /**
@@ -781,11 +783,13 @@ public:
 *
 * @param[in] connection connection handle
 * @param[in] ltk long term key from the peer
+ * @param[in] mitm does the LTK have man in the middle protection
 * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
 */
 virtual ble_error_t enable_encryption(
 connection_handle_t connection,
- const ltk_t <k
+ const ltk_t <k,
+ bool mitm
 ) = 0;
 virtual ble_error_t disable_encryption(
@@ -834,11 +838,15 @@ public:
 *
 * @param[in] connection connection handle
 * @param[in] ltk long term key
+ * @param[in] mitm does the LTK have man in the middle protection
+ * @param[in] secure_connections is this a secure_connections pairing
 * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
 */
 virtual ble_error_t set_ltk(
 connection_handle_t connection,
- const ltk_t <k
+ const ltk_t <k,
+ bool mitm,
+ bool secure_connections
 ) = 0;
 /**
diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
index aa280c04c3..481a261f45 100644
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
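Review bot: The new `@param[in] mitm` line in all three hunks of this file is phrased as a question ("does the LTK have ...") rather than as a contract a PAL implementer can code against; I would write it as `@param[in] mitm true if the LTK was produced by an authenticated (MITM-protected) pairing, false otherwise`, and in the set_ltk hunk `@param[in] secure_connections true if the key was produced by an LE Secure Connections pairing`. These two flags presumably exist so the PAL can report the correct security level for the encrypted link, so the set_ltk and enable_encryption docs should also state that a wrong value changes what security the stack believes the link has (an unauthenticated key reported as authenticated would satisfy attribute permissions that require MITM protection); a sentence to that effect belongs under the @param lines. Separately, in the first hunk the pre-existing `@param[in] ediv` and `@param[in] rand` lines are documented in the opposite order from the signature, which is worth fixing while the block is being touched.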
@@ -654,9 +654,9 @@ void GenericSecurityManager::enable_encryption_cb(
 if (cb && entryKeys) {
 if (cb->secure_connections_paired) {
- _pal.enable_encryption(cb->connection, entryKeys->ltk);
+ _pal.enable_encryption(cb->connection, entryKeys->ltk, cb->ltk_mitm_protected);
 } else {
- _pal.enable_encryption(cb->connection, entryKeys->ltk, entryKeys->rand, entryKeys->ediv);
+ _pal.enable_encryption(cb->connection, entryKeys->ltk, entryKeys->rand, entryKeys->ediv, cb->ltk_mitm_protected);
 }
 }
 }
@@ -669,7 +669,7 @@ void GenericSecurityManager::set_ltk_cb(
 if (cb) {
 if (entryKeys) {
- _pal.set_ltk(cb->connection, entryKeys->ltk);
+ _pal.set_ltk(cb->connection, entryKeys->ltk, cb->ltk_mitm_protected, cb->secure_connections_paired);
 } else {
 _pal.set_ltk_not_found(cb->connection);
 }
@@ -1206,8 +1206,8 @@ void GenericSecurityManager::on_ltk_request(
 GenericSecurityManager::ControlBlock_t::ControlBlock_t() :
 pal::SecurityDistributionFlags_t(),
 connection(0),
- local_address(),
 db_entry(0),
+ local_address(),
 connected(false),
 authenticated(false),
 is_master(false),
diff --git a/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h b/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
index 4ea547d91e..ed41ca8ea1 100644
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
@@ -134,7 +134,8 @@ public:
 connection_handle_t connection,
 const ltk_t <k,
 const rand_t &rand,
- const ediv_t &ediv
+ const ediv_t &ediv,
+ bool mitm
 );
 /**
@@ -142,7 +143,8 @@ public:
 */
 virtual ble_error_t enable_encryption(
 connection_handle_t connection,
- const ltk_t <k
+ const ltk_t <k,
+ bool mitm
 );
 /**
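Review bot: In both added calls of the enable_encryption_cb hunk (and the set_ltk_cb hunk below it) the key material comes from the database entry, `entryKeys->ltk`, `entryKeys->rand`, `entryKeys->ediv`, while the new authentication attribute comes from the per-connection control block, `cb->ltk_mitm_protected`; the key and the claim about how it was generated now travel on different objects. Whether `ltk_mitm_protected` is reloaded from the bonding database into the control block before these callbacks run is not visible here (both functions start outside the hunk), and if it is not, a reconnection with a persisted bond would report the link's security level from a default-constructed flag rather than from the stored key's properties. I would either move the flag next to the key in the entry (`entryKeys->ltk_mitm_protected`) or add a comment on the first new line stating where `cb->ltk_mitm_protected` is populated for a restored bond, e.g. `// ltk_mitm_protected is set from the stored distribution flags on reconnection` if that is in fact the case.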
@@ -188,7 +190,12 @@ public:
 /**
 * @see ::ble::pal::SecurityManager::set_ltk
 */
- virtual ble_error_t set_ltk(connection_handle_t connection, const ltk_t <k);
+ virtual ble_error_t set_ltk(
+ connection_handle_t connection,
+ const ltk_t <k,
+ bool mitm,
+ bool secure_connections
+ );
 /**
 * @see ::ble::pal::SecurityManager::set_ltk_not_found
diff --git a/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp b/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
index c4c3eb75f6..a21333a95d 100644
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
@@ -134,7 +134,8 @@ ble_error_t CordioSecurityManager::enable_encryption(
 connection_handle_t connection,
 const ltk_t <k,
 const rand_t &rand,
- const ediv_t &ediv
+ const ediv_t &ediv,
+ bool mitm
 ) {
 dmSecLtk_t sec_ltk;
 memcpy(sec_ltk.key, ltk.data(), ltk.size());
@@ -152,7 +153,8 @@ ble_error_t CordioSecurityManager::enable_encryption(
 ble_error_t CordioSecurityManager::enable_encryption(
 connection_handle_t connection,
- const ltk_t <k
+ const ltk_t <k,
+ bool mitm
 ) {
 dmSecLtk_t sec_ltk = { 0 };
 memcpy(sec_ltk.key, ltk.data(), ltk.size());
@@ -207,7 +209,10 @@ ble_error_t CordioSecurityManager::set_private_address_timeout(
 //
 ble_error_t CordioSecurityManager::set_ltk(
- connection_handle_t connection, const ltk_t& ltk
+ connection_handle_t connection,
+ const ltk_t& ltk,
+ bool mitm,
+ bool secure_connections
 ) {
 // FIXME: get access to the security level of a key
 DmSecLtkRsp(
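Review bot: In the first CordioPalSecurityManager.cpp hunk (and the second one, the Secure Connections overload) `bool mitm` is added to the signature but nothing in the visible part of the body consumes it; both bodies continue outside the hunk, so please confirm the flag actually feeds the security level of the `dmSecLtk_t` handed to the stack (the struct carries a security-level field, `secLevel`, if I recall the Cordio API correctly), otherwise the new parameter is dead and the link is reported with whatever level the stack defaults to. The two overloads also differ in how they initialise the key structure: the first has `dmSecLtk_t sec_ltk;` while the second has `dmSecLtk_t sec_ltk = { 0 };`; with a new level field to fill in, leaving the first uninitialised risks passing an indeterminate security level, so I would change it to `dmSecLtk_t sec_ltk = { 0 };` and set the level explicitly in both.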
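Review bot: The set_ltk hunk now receives `bool mitm` and `bool secure_connections`, which are exactly the inputs the surviving context line `// FIXME: get access to the security level of a key` says were missing, yet the FIXME is left in place and the `DmSecLtkRsp(` call that would use them continues outside the hunk. Either derive the level passed to the stack from the two flags in this commit and drop the FIXME, or, if the derivation is deliberately deferred, replace the comment with one that names the remaining gap, e.g. `// TODO: map (mitm, secure_connections) to the security level passed to DmSecLtkRsp`, so the next reader does not assume the parameters are already honoured. Until that mapping exists, the level the stack reports for a link encrypted with this key does not reflect how the key was generated, which is what attribute permission checks rely on.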