ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #9339 from costanic/fix_oob 

Fix Out-Of-Band (OOB) data generation for BLE OOB pairing
pull/9787/head
Cruz Monrreal 2019-01-17 21:51:54 -06:00 committed by GitHub
parent 74f572356d 7795e30bce
commit fd2a96e7ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
View File

@ -653,14 +653,20 @@ ble_error_t GenericSecurityManager::generateOOB(
/* Secure connections. Avoid generating if we're already waiting for it. /* Secure connections. Avoid generating if we're already waiting for it.
* If a local random is set to 0 it means we're already calculating. */ * If a local random is set to 0 it means we're already calculating. */
if (!is_all_zeros(_oob_local_random)) { if (!is_all_zeros(_oob_local_random)) {
status = _pal.generate_secure_connections_oob(); /* save the current values in case the call to
* generate_secure_connections_oob fails */
address_t orig_local_address = _oob_local_address;
oob_lesc_value_t orig_local_random = _oob_local_random;
if (status == BLE_ERROR_NONE) { _oob_local_address = *address;
_oob_local_address = *address; /* this will be updated when calculation completes,
/* this will be updated when calculation completes, * a value of all zeros is an invalid random value */
* a value of all zeros is an invalid random value */ set_all_zeros(_oob_local_random);
set_all_zeros(_oob_local_random);
} else if (status != BLE_ERROR_NOT_IMPLEMENTED) { status = _pal.generate_secure_connections_oob();
if (status != BLE_ERROR_NONE && status != BLE_ERROR_NOT_IMPLEMENTED) {
_oob_local_address = orig_local_address;
_oob_local_random = orig_local_random;
return status; return status;
} }
} else { } else {

43
features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NORDIC_SOFTDEVICE/TARGET_NRF52/source/nRF5xPalSecurityManager.cpp
View File

@ -15,6 +15,7 @@
*/ */
#include <stdint.h> #include <stdint.h>
#include "platform/mbed_assert.h"
#include "nRF5xPalSecurityManager.h" #include "nRF5xPalSecurityManager.h"
#include "nRF5xn.h" #include "nRF5xn.h"
#include "ble/Gap.h" #include "ble/Gap.h"
@ -80,11 +81,6 @@ struct nRF5xSecurityManager::pairing_control_block_t {
ble_gap_id_key_t peer_id_key; ble_gap_id_key_t peer_id_key;
ble_gap_sign_info_t peer_sign_key; ble_gap_sign_info_t peer_sign_key;
ble_gap_lesc_p256_pk_t peer_pk; ble_gap_lesc_p256_pk_t peer_pk;
// flag required to help DHKey computation/process; should be removed with
// later versions of the softdevice
uint8_t own_oob:1;
uint8_t peer_oob:1;
}; };
nRF5xSecurityManager::nRF5xSecurityManager() nRF5xSecurityManager::nRF5xSecurityManager()
@ -662,26 +658,37 @@ ble_error_t nRF5xSecurityManager::secure_connections_oob_request_reply(
const oob_lesc_value_t &peer_random, const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm const oob_confirm_t &peer_confirm
) { ) {
bool have_oob_own;
bool have_oob_peer;
const oob_lesc_value_t zerokey;
ble_gap_lesc_oob_data_t oob_own;
ble_gap_lesc_oob_data_t oob_peer;
pairing_control_block_t* pairing_cb = get_pairing_cb(connection); pairing_control_block_t* pairing_cb = get_pairing_cb(connection);
if (!pairing_cb) { if (!pairing_cb) {
return BLE_ERROR_INVALID_STATE; return BLE_ERROR_INVALID_STATE;
} }
ble_gap_lesc_oob_data_t oob_own; have_oob_own = false;
ble_gap_lesc_oob_data_t oob_peer; if (local_random != zerokey) {
have_oob_own = true;
// is own address important ?
memcpy(oob_own.r, local_random.data(), local_random.size());
// FIXME: What to do with local confirm ???
}
// is own address important ? have_oob_peer = false;
memcpy(oob_own.r, local_random.data(), local_random.size()); if (peer_random != zerokey && peer_confirm != zerokey) {
// FIXME: What to do with local confirm ??? have_oob_peer = true;
// is peer address important ?
// is peer address important ? memcpy(oob_peer.r, peer_random.data(), peer_random.size());
memcpy(oob_peer.r, peer_random.data(), peer_random.size()); memcpy(oob_peer.c, peer_confirm.data(), peer_confirm.size());
memcpy(oob_peer.c, peer_confirm.data(), peer_confirm.size()); }
uint32_t err = sd_ble_gap_lesc_oob_data_set( uint32_t err = sd_ble_gap_lesc_oob_data_set(
connection, connection,
pairing_cb->own_oob ? &oob_own : NULL, have_oob_own ? &oob_own : NULL,
pairing_cb->peer_oob ? &oob_peer : NULL have_oob_peer ? &oob_peer : NULL
); );
return convert_sd_error(err); return convert_sd_error(err);
@ -734,7 +741,9 @@ ble_error_t nRF5xSecurityManager::generate_secure_connections_oob()
ble_gap_lesc_p256_pk_t own_secret; ble_gap_lesc_p256_pk_t own_secret;
ble_gap_lesc_oob_data_t oob_data; ble_gap_lesc_oob_data_t oob_data;
memcpy(own_secret.pk, secret.data(), secret.size()); MBED_ASSERT(sizeof(own_secret.pk) >= X.size() + Y.size());
memcpy(own_secret.pk, X.data(), X.size());
memcpy(own_secret.pk + X.size(), Y.data(), Y.size());
uint32_t err = sd_ble_gap_lesc_oob_data_get( uint32_t err = sd_ble_gap_lesc_oob_data_get(
BLE_CONN_HANDLE_INVALID, BLE_CONN_HANDLE_INVALID,