Merge branch 'security-manager-dev' into oob-gen

pull/6932/head
Vincent Coubard 2018-03-26 16:49:55 +01:00 committed by GitHub
commit db20ecbbde
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 145 additions and 91 deletions

2
.gitignore vendored

@ -86,3 +86,5 @@ tags
# Visual Studio Code # Visual Studio Code
.vscode/ .vscode/
features/FEATURE_BLE/targets/TARGET_CORDIO/stack_backup/


@ -27,10 +27,10 @@
namespace ble { namespace ble {
namespace pal { namespace pal {
typedef SecurityManager::SecurityCompletionStatus_t SecurityCompletionStatus_t; typedef ::SecurityManager::SecurityCompletionStatus_t SecurityCompletionStatus_t;
typedef SecurityManager::SecurityMode_t SecurityMode_t; typedef ::SecurityManager::SecurityMode_t SecurityMode_t;
typedef SecurityManager::LinkSecurityStatus_t LinkSecurityStatus_t; typedef ::SecurityManager::LinkSecurityStatus_t LinkSecurityStatus_t;
typedef SecurityManager::Keypress_t Keypress_t; typedef ::SecurityManager::Keypress_t Keypress_t;
/** /**
* Key distribution as required by the SMP with convenient setters and getters, * Key distribution as required by the SMP with convenient setters and getters,


@ -39,6 +39,11 @@ ble_error_t GenericSecurityManager::init(
const Passkey_t passkey, const Passkey_t passkey,
bool signing bool signing
) { ) {
ble_error_t err = _pal.initialize();
if (err) {
return err;
}
_db.restore(); _db.restore();
_pal.set_io_capability((io_capability_t::type) iocaps); _pal.set_io_capability((io_capability_t::type) iocaps);
@ -73,6 +78,7 @@ ble_error_t GenericSecurityManager::init(
ble_error_t GenericSecurityManager::reset(void) { ble_error_t GenericSecurityManager::reset(void) {
_db.sync(); _db.sync();
_pal.reset();
SecurityManager::reset(); SecurityManager::reset();
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
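Review bot: The `_pal.reset();` call added in `GenericSecurityManager::reset()` discards its `ble_error_t`, while the `_pal.initialize()` call added in `init()` checks and propagates it, so a PAL that fails to reset is still reported to the caller as `BLE_ERROR_NONE`. Consider `ble_error_t err = _pal.reset();` followed by `if (err) { return err; }`. If `SecurityManager::reset()` must run regardless of the PAL result, keep the call order and return `err` at the end instead. Both function bodies continue outside the visible hunks.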


@ -20,6 +20,8 @@
#include "ble/pal/PalSecurityManager.h" #include "ble/pal/PalSecurityManager.h"
#include "wsf_types.h" #include "wsf_types.h"
#include "wsf_os.h" #include "wsf_os.h"
#include "sec_api.h"
#include "smp_defs.h"
namespace ble { namespace ble {
namespace pal { namespace pal {
@ -83,16 +85,42 @@ public:
virtual ble_error_t clear_resolving_list(); virtual ble_error_t clear_resolving_list();
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Feature support // Pairing
// //
/** /**
* @see ::ble::pal::SecurityManager::set_secure_connections_support * @see ::ble::pal::SecurityManager::send_pairing_request
*/ */
virtual ble_error_t set_secure_connections_support( virtual ble_error_t send_pairing_request(
bool enabled, bool secure_connections_only = false connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
); );
/**
* @see ::ble::pal::SecurityManager::send_pairing_response
*/
virtual ble_error_t send_pairing_response(
connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
);
/**
* @see ::ble::pal::SecurityManager::cancel_pairing
*/
virtual ble_error_t cancel_pairing(
connection_handle_t connection, pairing_failure_t reason
);
////////////////////////////////////////////////////////////////////////////
// Feature support
//
/** /**
* @see ::ble::pal::SecurityManager::get_secure_connections_support * @see ::ble::pal::SecurityManager::get_secure_connections_support
*/ */
@ -100,6 +128,11 @@ public:
bool &enabled bool &enabled
); );
/**
* @see ::ble::pal::SecurityManager::set_io_capability
*/
virtual ble_error_t set_io_capability(io_capability_t io_capability);
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Security settings // Security settings
// //
@ -118,6 +151,17 @@ public:
connection_handle_t, uint16_t &timeout_in_10ms connection_handle_t, uint16_t &timeout_in_10ms
); );
/**
* @see ::ble::pal::SecurityManager::set_encryption_key_requirements
*/
virtual ble_error_t set_encryption_key_requirements(
uint8_t min_encryption_key_size,
uint8_t max_encryption_key_size
);
/**
* @see ::ble::pal::SecurityManager::slave_security_request
*/
virtual ble_error_t slave_security_request( virtual ble_error_t slave_security_request(
connection_handle_t connection, connection_handle_t connection,
AuthenticationMask authentication AuthenticationMask authentication
@ -195,66 +239,10 @@ public:
*/ */
virtual ble_error_t set_csrk(const csrk_t &csrk); virtual ble_error_t set_csrk(const csrk_t &csrk);
/**
* @see ::ble::pal::SecurityManager::generate_public_key
*/
virtual ble_error_t generate_public_key();
////////////////////////////////////////////////////////////////////////////
// Global parameters
//
/**
* @see ::ble::pal::SecurityManager::set_display_passkey
*/
virtual ble_error_t set_display_passkey(passkey_num_t passkey);
/**
* @see ::ble::pal::SecurityManager::set_io_capability
*/
virtual ble_error_t set_io_capability(io_capability_t io_capability);
/**
* @see ::ble::pal::SecurityManager::set_encryption_key_requirements
*/
virtual ble_error_t set_encryption_key_requirements(
uint8_t min_encryption_key_size,
uint8_t max_encryption_key_size
);
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Authentication // Authentication
// //
/**
* @see ::ble::pal::SecurityManager::send_pairing_request
*/
virtual ble_error_t send_pairing_request(
connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
);
/**
* @see ::ble::pal::SecurityManager::send_pairing_response
*/
virtual ble_error_t send_pairing_response(
connection_handle_t connection,
bool oob_data_flag,
AuthenticationMask authentication_requirements,
KeyDistribution initiator_dist,
KeyDistribution responder_dist
);
/**
* @see ::ble::pal::SecurityManager::cancel_pairing
*/
virtual ble_error_t cancel_pairing(
connection_handle_t connection, pairing_failure_t reason
);
/** /**
* @see ::ble::pal::SecurityManager::get_random_data * @see ::ble::pal::SecurityManager::get_random_data
*/ */
@ -264,6 +252,11 @@ public:
// MITM // MITM
// //
/**
* @see ::ble::pal::SecurityManager::set_display_passkey
*/
virtual ble_error_t set_display_passkey(passkey_num_t passkey);
/** /**
* @see ::ble::pal::SecurityManager::passkey_request_reply * @see ::ble::pal::SecurityManager::passkey_request_reply
*/ */
@ -272,6 +265,16 @@ public:
passkey_num_t passkey passkey_num_t passkey
); );
/**
* @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply
*/
virtual ble_error_t secure_connections_oob_request_reply(
connection_handle_t connection,
const oob_lesc_value_t &local_random,
const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm
);
/** /**
* @see ::ble::pal::SecurityManager::legacy_pairing_oob_request_reply * @see ::ble::pal::SecurityManager::legacy_pairing_oob_request_reply
*/ */
@ -299,16 +302,6 @@ public:
*/ */
virtual ble_error_t generate_secure_connections_oob(); virtual ble_error_t generate_secure_connections_oob();
/**
* @see ::ble::pal::SecurityManager::secure_connections_oob_request_reply
*/
virtual ble_error_t secure_connections_oob_request_reply(
connection_handle_t connection,
const oob_lesc_value_t &local_random,
const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm
);
// singleton of the ARM Cordio Security Manager // singleton of the ARM Cordio Security Manager
static CordioSecurityManager &get_security_manager(); static CordioSecurityManager &get_security_manager();
@ -318,6 +311,8 @@ public:
private: private:
bool _use_default_passkey; bool _use_default_passkey;
passkey_num_t _default_passkey; passkey_num_t _default_passkey;
bool _lesc_keys_generated;
uint8_t _public_key_x[SEC_ECC_KEY_LEN];
}; };
} // cordio } // cordio
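Review bot: The two private members added at the end of the class, `_lesc_keys_generated` and `_public_key_x[SEC_ECC_KEY_LEN]`, have no comment, and the header does not say that the buffer is only meaningful once the flag is set. Judging from the `DM_SEC_ECC_KEY_IND` handler in the implementation file on this page, suitable comments would be `/** True once the stack has delivered the local ECC key pair (DM_SEC_ECC_KEY_IND). */` and `/** X coordinate of the local LESC public key; valid only while _lesc_keys_generated is true. */`. Stating that invariant matters because `generate_secure_connections_oob()` passes the buffer to the stack.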


@ -14,6 +14,8 @@
* limitations under the License. * limitations under the License.
*/ */
#include <string.h>
#include "CordioPalSecurityManager.h" #include "CordioPalSecurityManager.h"
#include "dm_api.h" #include "dm_api.h"
#include "smp_api.h" #include "smp_api.h"
@ -27,7 +29,9 @@ namespace cordio {
CordioSecurityManager::CordioSecurityManager() : CordioSecurityManager::CordioSecurityManager() :
::ble::pal::SecurityManager(), ::ble::pal::SecurityManager(),
_use_default_passkey(false), _use_default_passkey(false),
_default_passkey(0) _default_passkey(0),
_lesc_keys_generated(false),
_public_key_x()
{ {
} }
@ -43,6 +47,17 @@ CordioSecurityManager::~CordioSecurityManager()
ble_error_t CordioSecurityManager::initialize() ble_error_t CordioSecurityManager::initialize()
{ {
// reset local state
_use_default_passkey = false;
_default_passkey = 0;
_lesc_keys_generated = false;
#if 0
// FIXME: need help from the stack or local calculation
// generate a new set of keys
DmSecGenerateEccKeyReq();
#endif
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
@ -53,6 +68,7 @@ ble_error_t CordioSecurityManager::terminate()
ble_error_t CordioSecurityManager::reset() ble_error_t CordioSecurityManager::reset()
{ {
initialize();
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
@ -93,6 +109,8 @@ ble_error_t CordioSecurityManager::clear_resolving_list()
// Feature support // Feature support
// //
// FIXME: Enable when new function available in the pal.
#if 0
ble_error_t CordioSecurityManager::set_secure_connections_support( ble_error_t CordioSecurityManager::set_secure_connections_support(
bool enabled, bool secure_connections_only bool enabled, bool secure_connections_only
) { ) {
@ -104,6 +122,7 @@ ble_error_t CordioSecurityManager::set_secure_connections_support(
} }
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
#endif
ble_error_t CordioSecurityManager::get_secure_connections_support( ble_error_t CordioSecurityManager::get_secure_connections_support(
bool &enabled bool &enabled
@ -253,12 +272,6 @@ ble_error_t CordioSecurityManager::set_csrk(const csrk_t& csrk)
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
ble_error_t CordioSecurityManager::generate_public_key()
{
// FIXME
return BLE_ERROR_NOT_IMPLEMENTED;
}
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// Global parameters // Global parameters
// //
@ -380,8 +393,8 @@ ble_error_t CordioSecurityManager::legacy_pairing_oob_request_reply(
ble_error_t CordioSecurityManager::confirmation_entered( ble_error_t CordioSecurityManager::confirmation_entered(
connection_handle_t connection, bool confirmation connection_handle_t connection, bool confirmation
) { ) {
// FIXME: DmSecCompareRsp(connection, confirmation);
return BLE_ERROR_NOT_IMPLEMENTED; return BLE_ERROR_NONE;
} }
// FIXME: remove when declaration from the stack is available // FIXME: remove when declaration from the stack is available
@ -394,8 +407,12 @@ ble_error_t CordioSecurityManager::send_keypress_notification(
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
ble_error_t CordioSecurityManager::generate_secure_connections_oob() { ble_error_t CordioSecurityManager::generate_secure_connections_oob() {
return BLE_ERROR_NOT_IMPLEMENTED; uint8_t oobLocalRandom[SMP_RAND_LEN];
SecRand(oobLocalRandom, SMP_RAND_LEN);
DmSecCalcOobReq(oobLocalRandom, _public_key_x);
return BLE_ERROR_NONE;
} }
ble_error_t CordioSecurityManager::secure_connections_oob_request_reply( ble_error_t CordioSecurityManager::secure_connections_oob_request_reply(
@ -404,7 +421,18 @@ ble_error_t CordioSecurityManager::secure_connections_oob_request_reply(
const oob_lesc_value_t &peer_random, const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm const oob_confirm_t &peer_confirm
) { ) {
return BLE_ERROR_NOT_IMPLEMENTED; dmSecLescOobCfg_t oob_config = { 0 };
memcpy(oob_config.localRandom, local_random.data(), local_random.size());
// FIXME:
// memcpy(oob_config.localConfirm, ?, ?);
memcpy(oob_config.peerRandom, peer_random.data(), peer_random.size());
memcpy(oob_config.peerConfirm, peer_confirm.data(), peer_confirm.size());
DmSecSetOob(connection, &oob_config);
DmSecAuthRsp(connection, 0, NULL);
return BLE_ERROR_NONE;
} }
CordioSecurityManager& CordioSecurityManager::get_security_manager() CordioSecurityManager& CordioSecurityManager::get_security_manager()
@ -414,8 +442,8 @@ CordioSecurityManager& CordioSecurityManager::get_security_manager()
} }
bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) { bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
SecurityManager::EventHandler* handler = CordioSecurityManager& self = get_security_manager();
get_security_manager().get_event_handler(); SecurityManager::EventHandler* handler = self.get_event_handler();
if ((msg == NULL) || (handler == NULL)) { if ((msg == NULL) || (handler == NULL)) {
return false; return false;
@ -477,6 +505,11 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
connection_handle_t connection = evt->hdr.param; connection_handle_t connection = evt->hdr.param;
if (evt->oob) { if (evt->oob) {
// FIXME: Nothing in the API indicates if smp or sc OOB are
// requested.
// To set secure connection OOB:
// - DmSecSetOob(connection, oob_data)
// - DmSecAuthRsp(connection, 0, NULL)
handler->on_legacy_pairing_oob_request(connection); handler->on_legacy_pairing_oob_request(connection);
} else if (evt->display) { } else if (evt->display) {
if (get_security_manager()._use_default_passkey) { if (get_security_manager()._use_default_passkey) {
@ -600,18 +633,36 @@ bool CordioSecurityManager::sm_handler(const wsfMsgHdr_t* msg) {
return true; return true;
} }
case DM_SEC_CALC_OOB_IND: case DM_SEC_CALC_OOB_IND: {
dmSecOobCalcIndEvt_t* evt = (dmSecOobCalcIndEvt_t*) msg;
handler->on_secure_connections_oob_generated(
evt->hdr.param,
evt->random,
evt->confirm
);
return true; return true;
}
case DM_SEC_ECC_KEY_IND: case DM_SEC_ECC_KEY_IND: {
secEccMsg_t* evt = (secEccMsg_t*) msg;
DmSecSetEccKey(&evt->data.key);
memcpy(self._public_key_x, evt->data.key.pubKey_x, sizeof(_public_key_x));
self._lesc_keys_generated = true;
return true; return true;
}
case DM_SEC_COMPARE_IND: case DM_SEC_COMPARE_IND: {
dmSecCnfIndEvt_t* evt = (dmSecCnfIndEvt_t*) msg;
handler->on_passkey_display(
/* connection */ evt->hdr.param,
DmSecGetCompareValue(evt->confirm)
);
handler->on_confirmation_request(/* connection */ evt->hdr.param);
return true; return true;
}
case DM_SEC_KEYPRESS_IND: { case DM_SEC_KEYPRESS_IND: {
dmSecKeypressIndEvt_t* evt = (dmSecKeypressIndEvt_t*) msg; dmSecKeypressIndEvt_t* evt = (dmSecKeypressIndEvt_t*) msg;
handler->on_keypress_notification( handler->on_keypress_notification(
/* connection */ evt->hdr.param, /* connection */ evt->hdr.param,
(Keypress_t) evt->notificationType (Keypress_t) evt->notificationType
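Review bot: `generate_secure_connections_oob()` passes `_public_key_x` to `DmSecCalcOobReq()` without checking `_lesc_keys_generated`, a flag that the hunks shown set and clear but never read. Because the `DmSecGenerateEccKeyReq()` call in `initialize()` is compiled out with `#if 0`, the buffer may still be all zeros at that point, so the OOB confirm value would be derived from a placeholder key while the function returns `BLE_ERROR_NONE`. A guard at the top such as `if (!_lesc_keys_generated) { return BLE_ERROR_INVALID_STATE; }` would make that state visible to the caller. Similarly, `secure_connections_oob_request_reply()` leaves `oob_config.localConfirm` zeroed (see its FIXME) and also reports success. Its `memcpy` calls take their length from the source `size()`, so a compile-time check that those sizes match the destination fields would be a cheap safeguard.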