ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added MITM to user facing security manager api

pull/6188/head
paul-szczepanek-arm 2018-01-05 17:32:49 +00:00
parent e75042e3e4
commit e1676dc1cc
3 changed files with 109 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
features/FEATURE_BLE/ble/SecurityManager.h
View File

@ -86,6 +86,10 @@ public:
*/
static const unsigned PASSKEY_LEN = 6;
typedef uint8_t Passkey_t[PASSKEY_LEN]; /**< 6-digit passkey in ASCII ('0'-'9' digits only). */
typedef uint8_t c192_t[16];
typedef uint8_t r192_t[16];
typedef uint8_t c256_t[16];
typedef uint8_t r256_t[16];
typedef void (*HandleSpecificEvent_t)(Gap::Handle_t handle);
typedef void (*SecuritySetupInitiatedCallback_t)(Gap::Handle_t, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps);
@ -195,7 +199,7 @@ public:
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
virtual ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM) {
virtual ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM = false) {
/* Avoid compiler warnings about unused variables */
(void) connectionHandle;
(void) useOOB;
@ -204,6 +208,69 @@ public:
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
virtual ble_error_t setPinCode(uint8_t pinLength, uint8_t * pinCode, bool isStatic = false) {
(void) pinLength;
(void) pinCode;
(void) isStatic;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
virtual ble_error_t setPasskey(const Passkey_t passkey) {
(void) passkey;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
virtual ble_error_t confirmationEntered(Gap::Handle_t handle, bool confirmation) {
(void) handle;
(void) confirmation;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
virtual ble_error_t passkeyEntered(Gap::Handle_t handle, Passkey_t passkey) {
(void) handle;
(void) passkey;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
virtual ble_error_t sendKeypressNotification(Gap::Handle_t handle, Keypress_t keypress) {
(void) handle;
(void) keypress;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
virtual ble_error_t setOob(Gap::Handle_t handle, c192_t* hash192, r192_t* rand192) {
(void) handle;
(void) hash192;
(void) rand192;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
virtual ble_error_t setExtendedOob(Gap::Handle_t handle,
c192_t* hash192, r192_t* rand192,
c256_t* hash256, r256_t* rand256) {
(void) handle;
(void) hash192;
(void) rand192;
(void) hash256;
(void) rand256;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
virtual ble_error_t getLocalOobData(Gap::Handle_t handle, c192_t* hash192, r192_t* rand192) {
(void) handle;
(void) hash192;
(void) rand192;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
virtual ble_error_t getLocalExtendedOobData(Gap::Handle_t handle,
c192_t* hash192, r192_t* rand192,
c256_t* hash256, r256_t* rand256) {
(void) handle;
(void) hash192;
(void) rand192;
(void) hash256;
(void) rand256;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
}
/* Event callback handlers. */
public:
/**

33
features/FEATURE_BLE/ble/pal/PalSm.h
View File

@ -25,6 +25,11 @@ using SecurityManager::SecurityMode_t;
using SecurityManager::LinkSecurityStatus_t;
using SecurityManager::Passkey_t;
using SecurityManager::Keypress_t;
using SecurityManager::c192_t;
using SecurityManager::r192_t;
using SecurityManager::c256_t;
using SecurityManager::r256_t;
using SecurityManager::PasskeyNum_t;
using BLEProtocol::AddressBytes_t;
using BLEProtocol::Address_t;
@ -35,11 +40,7 @@ typedef uint8_t csrk_t[16];
typedef uint8_t ltk_t[16];
typedef uint8_t ediv_t[8];
typedef uint8_t rand_t[2];
typedef uint8_t passkey_t[4];
typedef uint8_t c192_t[16];
typedef uint8_t r192_t[16];
typedef uint8_t c256_t[16];
typedef uint8_t r256_t[16];
typedef uint32_t passkey_num_t;
struct bonded_list_entry_t {
Address_t peer_address;
@ -72,6 +73,7 @@ struct bonded_list_t {
class SecurityManager : private mbed::NonCopyable<SecurityManager> {
public:
SecurityManager() : _event_handler(NULL) { };
virtual ~SecurityManager() { };
virtual ble_error_t initialize() = 0;
virtual ble_error_t terminate() = 0;
@ -97,7 +99,8 @@ public:
virtual ble_error_t set_authentication_timeout(connection_handle_t, uint16_t timeout /*x10 ms*/) = 0;
virtual ble_error_t get_authentication_timeout(connection_handle_t, uint16_t *timeout /*x10 ms*/) = 0;
virtual ble_error_t set_pin_code(uint8_t pin_length, uint8_t *pin_code, bool variable_pin = true) = 0;
virtual ble_error_t set_pin_code(uint8_t pin_length, uint8_t *pin_code, bool static_pin = false) = 0;
virtual ble_error_t set_passkey(passkey_num_t passkey) = 0;
/* feature support */
@ -111,15 +114,15 @@ public:
/* security level */
virtual ble_error_t set_security_settings(connection_handle_t address,
bool bondable = true,
SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
bool use_oob = false,
bool send_keypresses = false) = 0;
virtual ble_error_t set_security_settings(bool bondable = true,
SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
bool send_keypresses = false) = 0;
virtual ble_error_t set_oob_data_usage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM) = 0;
/* triggers pairing if required */
virtual ble_error_t set_security_mode(connection_handle_t handle,
SecurityMode_t mode) = 0;
SecurityMode_t mode) = 0;
virtual ble_error_t get_encryption_status(connection_handle_t handle,
LinkSecurityStatus_t *mode) = 0;
@ -127,7 +130,7 @@ public:
/* MITM */
virtual ble_error_t confirmation_entered(connection_handle_t address, bool confirmation) = 0;
virtual ble_error_t passkey_entered(connection_handle_t, passkey_t passkey) = 0;
virtual ble_error_t passkey_entered(connection_handle_t, PasskeyNum_t passkey) = 0;
virtual ble_error_t send_keypress_notification(connection_handle_t, Keypress_t keypress) = 0;
virtual ble_error_t set_oob(connection_handle_t handle, c192_t*, r192_t*) = 0;
@ -153,7 +156,7 @@ private:
};
}
}
} /* namespace pal */
} /* namespace ble */
#endif /* MBED_OS_FEATURES_FEATURE_BLE_BLE_PAL_PALSM_H_ */

41
features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
View File

@ -23,22 +23,20 @@
namespace ble {
namespace generic {
static const uint8_t NUMBER_OFFSET = '0';
class GenericSecurityManager : public SecurityManager {
public:
virtual ble_error_t init(bool enableBonding = true,
bool requireMITM = true,
SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
const Passkey_t passkey = NULL) {
/* Avoid compiler warnings about unused variables. */
(void)enableBonding;
virtual ble_error_t init(bool enableBonding = true,
bool requireMITM = true,
SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
const Passkey_t passkey = NULL) {
(void)requireMITM;
(void)iocaps;
(void)passkey;
loadState();
pal.set_security_settings(enableBonding, iocaps);
pal.set_passkey(passkey, true);
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
return BLE_ERROR_NONE;
}
void saveState() {
@ -70,13 +68,8 @@ public:
return pal.get_whitelist(addresses);
}
ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM) {
/*
[].useOOB = useOOB;
[].OOBProvidesMITM = OOBProvidesMITM;
*/
return BLE_ERROR_NONE;
ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM = false) {
return pal.set_oob_data_usage(connectionHandle, useOOB, OOBProvidesMITM);
}
ble_error_t preserveBondingStateOnReset(bool enabled) {
@ -84,6 +77,18 @@ public:
return BLE_ERROR_NONE;
}
ble_error_t setPinCode(uint8_t pinLength, uint8_t * pinCode, bool isStatic = false) {
return pal.set_pin_code(pinLength, pinCode, isStatic);
}
ble_error_t setPasskey(const Passkey_t passkeyASCI, bool isStatic = false) {
uint32_t passkey = 0;
for (int i = 0, m = 1; i < 6; ++i, m *= 10) {
passkey += (passkeyASCI[i] - NUMBER_OFFSET) * m;
}
return pal.set_passkey(passkey);
}
protected:
GenericSecurityManager(ble::pal::SecurityManager& palImpl) : pal(palImpl), saveStateEnabled(false) {
eventHandler = new SecurityManagerEventHandler();