storing sc oob, checking for its presence

pull/6188/head
paul-szczepanek-arm 2018-02-08 18:23:23 +00:00
parent cba77ad5d1
commit d061c89e31
4 changed files with 62 additions and 21 deletions


@ -351,14 +351,6 @@ typedef octet_type_t<32> public_key_t;
typedef octet_type_t<32> private_key_t;
typedef octet_type_t<32> dhkey_t;
/* X and Y coordinate pair of the public key */
struct public_key_pair_t {
public_key_pair_t() {};
public_key_t x;
public_key_t y;
};
/**
* MAC address data type.
*/


@ -253,7 +253,7 @@ public:
* @param[in] address address that will be used in the pairing
* @param[in] temporaryKey temporary key to be used in legacy pairing
*/
virtual void legacyPairingOobGenerated(address_t address,
virtual void legacyPairingOobGenerated(const address_t *address,
const oob_tk_t *temporaryKey) {
(void)address;
(void)temporaryKey;
@ -268,7 +268,7 @@ public:
* @param[in] confirm confirmation value to be use for authentication
* in secure connections pairing
*/
virtual void oobGenerated(address_t address,
virtual void oobGenerated(const address_t *address,
const oob_rand_t *random,
const oob_confirm_t *confirm) {
(void)address;
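Review bot: The doc comments for `legacyPairingOobGenerated` and `oobGenerated` do not say how long the pointers stay valid, now that `address` is passed as `const address_t *` alongside the other pointer parameters. In the implementation file of this same commit, generate_secure_connections_oob() passes the addresses of two stack locals, so a handler that keeps the pointer instead of copying the value would read dead storage later. I would add a line to both comment blocks, for example `@note The pointers are only valid for the duration of the call; copy the values if they are needed afterwards.` Both function bodies continue outside their hunks.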


@ -273,11 +273,12 @@ protected:
GenericSecurityManager(ble::pal::SecurityManager& palImpl, GenericSecurityDb& dbImpl)
: _pal(palImpl),
_db(dbImpl),
_default_authentication(0),
_default_key_distribution(KeyDistribution::KEY_DISTRIBUTION_ALL),
_pairing_authorisation_required(false),
_legacy_pairing_allowed(true),
_master_sends_keys(false),
_default_authentication(0),
_default_key_distribution(KeyDistribution::KEY_DISTRIBUTION_ALL) {
_public_keys_generated(false) {
_app_event_handler = &defaultEventHandler;
_pal.set_event_handler(this);
}
@ -335,7 +336,7 @@ private:
/**
* Returns the CSRK for the connection. Called by the security db.
*
* @param[in] entry security entry returned by the database.
* @param[in] connectionHandle Handle to identify the connection.
* @param[in] entryKeys security entry containing keys.
*/
void return_csrk_cb(
@ -343,6 +344,24 @@ private:
const csrk_t *csrk
);
/**
* Generate local OOB data to be sent to the application which sends it to the peer.
*
* @param[in] connectionHandle Handle to identify the connection.
*/
void generate_secure_connections_oob(
connection_handle_t connection
);
/**
* Updates the entry for the connection with OOB data presence.
*
* @param[in] connectionHandle Handle to identify the connection.
*/
void update_oob_presence(
connection_handle_t connection
);
private:
ble::pal::SecurityManager& _pal;
GenericSecurityDb& _db;
@ -350,9 +369,10 @@ private:
AuthenticationMask _default_authentication;
KeyDistribution _default_key_distribution;
address_t _sc_oob_address;
oob_rand_t _sc_oob_random;
oob_confirm_t _sc_oob_confirm;
address_t _sc_oob_peer_address;
oob_rand_t _sc_oob_peer_random;
oob_confirm_t _sc_oob_peer_confirm;
oob_rand_t _sc_oob_local_random;
bool _pairing_authorisation_required;
bool _legacy_pairing_allowed;
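Review bot: The new `_sc_oob_peer_address`, `_sc_oob_peer_random`, `_sc_oob_peer_confirm` and `_sc_oob_local_random` members get no entry in the constructor's initialiser list (only `_public_keys_generated(false)` is added), and nothing records whether peer OOB data has actually been received. update_oob_presence() in the implementation file decides purely on `entry->peer_address == _sc_oob_peer_address`, so its result before the first oobReceived() depends on whatever the default constructor of `address_t` leaves there, which is not visible on this page. A validity flag such as `bool _sc_oob_peer_data_present;`, initialised to `false` and set in oobReceived(), would keep a link from being marked as having OOB data that never arrived. Separately, the doc comments on the two new declarations name `connectionHandle` while the parameter is `connection`.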


@ -92,6 +92,7 @@ ble_error_t GenericSecurityManager::init(
ble_error_t GenericSecurityManager::reset(void) {
_db.sync();
_public_keys_generated = false;
SecurityManager::reset();
return BLE_ERROR_NONE;
@ -140,6 +141,7 @@ ble_error_t GenericSecurityManager::requestPairing(connection_handle_t connectio
}
set_mitm_performed(connection, false);
update_oob_presence(connection);
AuthenticationMask link_authentication(_default_authentication);
link_authentication.set_mitm(entry->mitm_requested);
@ -163,6 +165,8 @@ ble_error_t GenericSecurityManager::acceptPairingRequest(connection_handle_t con
return BLE_ERROR_INVALID_PARAM;
}
update_oob_presence(connection);
AuthenticationMask link_authentication(_default_authentication);
link_authentication.set_mitm(entry->mitm_requested);
@ -484,6 +488,11 @@ ble_error_t GenericSecurityManager::setOOBDataUsage(
entry->oob = useOOB;
entry->oob_mitm_protection = OOBProvidesMITM;
if (_public_keys_generated) {
generate_secure_connections_oob(connection);
}
return BLE_ERROR_NONE;
}
@ -532,13 +541,14 @@ ble_error_t GenericSecurityManager::oobReceived(
const oob_confirm_t *confirm
) {
if (address && random && confirm) {
SecurityEntry_t *entry = _db.get_entry(*address);
if (!entry) {
return BLE_ERROR_INVALID_PARAM;
}
_sc_oob_peer_address = *address;
_sc_oob_local_random = *random;
_sc_oob_peer_confirm = *confirm;
return BLE_ERROR_NONE;
}
return BLE_ERROR_NONE;
return BLE_ERROR_INVALID_PARAM;
}
////////////////////////////////////////////////////////////////////////////
@ -626,6 +636,24 @@ void GenericSecurityManager::return_csrk_cb(
);
}
void GenericSecurityManager::generate_secure_connections_oob(
connection_handle_t connection
) {
address_t local_address;
oob_confirm_t confirm;
/*TODO:generate*/
_app_event_handler->oobGenerated(&local_address, &_sc_oob_local_random, &confirm);
}
void GenericSecurityManager::update_oob_presence(connection_handle_t connection) {
SecurityEntry_t *entry = _db.get_entry(connection);
if (entry) {
if (entry->peer_address == _sc_oob_peer_address) {
entry->oob = true;
}
}
}
/* Implements ble::pal::SecurityManagerEventHandler */
////////////////////////////////////////////////////////////////////////////
@ -843,6 +871,7 @@ void GenericSecurityManager::on_public_key_generated(
const public_key_t &public_key_y
) {
_db.set_public_key(public_key_x, public_key_y);
_public_keys_generated = true;
}
void GenericSecurityManager::on_secure_connections_ltk_generated(
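Review bot: In oobReceived() the peer's random value is stored with `_sc_oob_local_random = *random;`, and no visible hunk ever assigns `_sc_oob_peer_random`. Because generate_secure_connections_oob() passes `&_sc_oob_local_random` to `oobGenerated`, the application would be handed the peer's value as if it were locally generated OOB data, and the `/*TODO:generate*/` path supplies nothing else yet. The assignment should presumably read `_sc_oob_peer_random = *random;`. reset() clears `_public_keys_generated` but leaves the stored `_sc_oob_peer_*` values in place, so update_oob_presence() can still set `entry->oob = true` from data received before the reset; consider clearing them there too. Several of these functions start or end outside their hunks.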