ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
20,431 Commits
52 Branches
336 Tags
624 MiB
Commit Graph

323 Commits (66631716071abe12c90477d7448c8bc06e247abf)

Author SHA1 Message Date
Donatien Garnier ad09ba0dcc Fix handling of security escalation in on_connection_complete() 2018-05-16 13:54:25 +01:00
Donatien Garnier 3f7a7a4213 Merge 2018-05-16 12:44:36 +01:00
Donatien Garnier 7ef7ef553c Fix is_random_xxx_address() functions in GenericGap that I had broken :) 2018-05-16 12:04:04 +01:00
Donatien Garnier 1fdb57e82c Removed set_privacy() API and added is_privacy_supported() check to PAL + Generic GAP 2018-05-16 12:02:21 +01:00
paul-szczepanek-arm 1ae13bc80f don't reset db on security manager reset as the docs require 2018-05-16 11:46:36 +01:00
paul-szczepanek-arm bcca75973e reseting the security db 2018-05-16 11:23:17 +01:00
paul-szczepanek-arm c2bbc94b44 handle init of an already initialised security db 2018-05-16 11:01:37 +01:00
Vincent Coubard afcbdfc7dc Merge branch 'security-manager-dev' of https://github.com/paul-szczepanek-arm/mbed-os into filedb 2018-05-16 08:43:52 +01:00
Donatien Garnier 288c3952d8 Address Paul's comments 2018-05-15 18:37:50 +01:00
paul-szczepanek-arm 5c598688e4 templates for reading and writing to avoid repetition 2018-05-15 16:35:54 +01:00
Vincent Coubard 2860365a3c BLE: Improve readibility of condition. 2018-05-15 12:16:51 +01:00
paul-szczepanek-arm 49db7e2a2a restoring db file blanks file if set to not restore, allow reusing the db 2018-05-15 11:46:39 +01:00
paul-szczepanek-arm f8244a3d87 review comments, init partly moved to restore, restore setting enabled, null check on filepath 2018-05-15 10:24:59 +01:00
Donatien Garnier 6c6af1b0d5 Added missing masks and fixed bit ordering in is_random_xx_address() functions 2018-05-14 13:59:32 +01:00
Donatien Garnier d8b63fc03d Reordered initializers in GenericGap 2018-05-14 13:53:50 +01:00
Donatien Garnier 67ec6323fc Added update_random_address() implementation in GenericGap 2018-05-14 13:52:29 +01:00
Donatien Garnier 3523cdb264 Missing initializer in GenericGap 2018-05-14 13:37:37 +01:00
Donatien Garnier 472d3de849 Give GenericGap access to the Security Manager's PAL 2018-05-14 13:36:02 +01:00
Donatien Garnier a3d9d6cebd Business logic for handling non-resolvable private addresses 2018-05-14 13:26:39 +01:00
paul-szczepanek-arm 579cb5e222 avoid setting flags twice 2018-05-14 10:26:44 +01:00
paul-szczepanek-arm f4f3a3c697 store ltk and csrk but not irk sent status 
and missing asserts
 2018-05-14 09:52:49 +01:00
paul-szczepanek-arm 8f90875cd6 reset entry now remove old keys 2018-05-13 23:49:27 +01:00
paul-szczepanek-arm 23c6a69d66 key dist flags only in db now and not in control block of sec manager 2018-05-13 23:26:34 +01:00
Donatien Garnier 69e35c49c8 Handle resolution policy for peripheral in GenericGap 2018-05-13 23:25:52 +01:00
paul-szczepanek-arm ab117737fa write back counter, sync entry by hand;e 2018-05-13 22:55:47 +01:00
Donatien Garnier 21471bb3c9 and make sure it compiles and that policy is only applied if privacy is enabled :) 2018-05-13 22:42:11 +01:00
Donatien Garnier 926efa4018 Filter out advertising reports for unresolved addresses if required 2018-05-13 22:37:59 +01:00
Donatien Garnier 6a2ffaeac0 Update own address type generation in GenericGap 2018-05-13 22:16:08 +01:00
Donatien Garnier 620ebc3f9a Some fixes in GenericGap 2018-05-13 20:38:29 +01:00
Donatien Garnier 4c5e2a8094 Added method to update resolution settings in GenericGap 2018-05-13 19:14:56 +01:00
Donatien Garnier 7b4a813aca Added stubs in GenericGap for privacy configuration methods 2018-05-13 18:52:54 +01:00
Donatien Garnier e9ad148db0 Added privacy-related methods overrides in GenericGap 2018-05-13 17:57:27 +01:00
paul-szczepanek-arm 3af4d0b50f get identity list function argument needs to have its own memory allocated 2018-05-11 19:52:12 +01:00
paul-szczepanek-arm a63f38e767 moved logic to security db and left storage in memory and file dbs 
db created at init now
 2018-05-11 19:41:33 +01:00
Vincent Coubard 40a403e99b Merge branch 'security-manager-dev' of https://github.com/paul-szczepanek-arm/mbed-os into fix-encryption-rejection 2018-05-10 12:05:36 +01:00
paul-szczepanek-arm 473482d204 move securitydb into generic 2018-05-10 11:08:31 +01:00
Paul Szczepanek 2b02148ab6
Merge branch 'master' into security-manager-dev 2018-05-09 11:23:28 +01:00
Paul Szczepanek 9a0a0865a6
Merge branch 'security-manager-dev' into sm-privacy-nordic 2018-05-08 18:01:41 +01:00
Vincent Coubard fd5903c22d GenericGattClient: Fix discovery termination. 
The procedure should be terminated whenever the server returns an error not equal
to ATTRIBUTE_NOT_FOUND. The block was effectivelly terminated but the
procedure was not. As a result the discovery was operating on already
freed memory.
 2018-05-04 11:30:58 +01:00
Vincent Coubard 4e5639f5ca BLE: Support encryption with secure connection key. 2018-05-02 17:51:48 +01:00
Vincent Coubard 55eb7033b2 Generic Security Manager: Set csrk to stored when the peer csrk has been received. 2018-05-01 11:54:25 +01:00
Vincent Coubard 41a3442474 Generic Security Manager: Set ltk to stored when the peer ltk has been recveived. 2018-05-01 11:54:03 +01:00
Vincent Coubard f90eacfd27 Generic Security Manager: remove peer csrk at disconnection 2018-05-01 11:53:18 +01:00
Vincent Coubard 1ac95e105b ble - Generic Security Manager: set signing unconditionnal to role reversal. 
A peripheral can act as a GATT client whether it is in the peripheral role or the central role therefore it doesn't make sense to enable signing only if roles will be reversed latter.
 2018-05-01 11:50:59 +01:00
Vincent Coubard 9880db7543 Generic Security Manager: Improve formating 2018-05-01 11:48:22 +01:00
Vincent Coubard 2e3c7e8ab7 Generic Security Manager: Set LinkKey to false unconditionally. 
This key distribution flags is for dual mode devices; mbed does not support BR/EDR.
 2018-05-01 11:45:24 +01:00
Vincent Coubard e39bb4b92c BLE - GenericGattClient: Exploit ENCRYPTED_WITH_SC_AND_MITM encryption. 
IF link is encrypted, authenticated or authenticated with lesc then signed write must be transformed into regular write commands.
 2018-05-01 11:38:30 +01:00
Vincent Coubard b0d5ba33bb BLE: return an error when application tries to turn down encryption. 2018-04-20 15:49:14 +01:00
paul-szczepanek-arm d1f3e4fd27 don't require master sends keys for signing key 2018-04-20 09:33:54 +01:00
Vincent Coubard 169e579de7 BLE: Handle new addresses type in GenericGap. 2018-04-17 17:05:41 +01:00
Vincent Coubard 951a6be4c8 BLE: retrieve and fill resolving list at GenericSecurityManager startup. 2018-04-17 15:58:21 +01:00
Vincent Coubard 77b1903634 BLE: Add bonded device to resolving list at the end of bonding. 2018-04-17 14:16:35 +01:00
Vincent Coubard dfbf383614 BLE: Fix const correctness of ::Gap::getRandomAddressType 2018-04-17 14:03:57 +01:00
Vincent Coubard a7f2384e10 BLE: Add default privacy configuration 2018-04-16 18:18:04 +01:00
paul-szczepanek-arm 6b67a6d0a6 missing deref after signature change 2018-04-16 15:06:37 +01:00
Paul Szczepanek d8f5100822
Merge pull request #30 from pan-/sm-privacy 
BLE: Add Gap privacy interfaces.
 2018-04-12 14:59:27 +01:00
Vincent Coubard 90c85955ad BLE: Fix GAP privacy related signatures. 2018-04-12 11:04:44 +01:00
Vincent Coubard 1f02913a2c BLE: Add Gap privacy interfaces. 
This commit adds API to enable and configure the device privacy.
It deprecates address random types present in Gap::AddressType as these types are not appropriate for scan reports, connection initiation and the connection event. Now user should use the function Gap::getRandomAddressType to find the type of a random address.
The function gap::setAddress is deprecated as it is not portable and can colide with privacy.
 2018-04-11 14:18:42 +01:00
paul-szczepanek-arm 1e6455da0b check encryption before signing 2018-04-11 13:37:04 +01:00
paul-szczepanek-arm 3aaedf6f48 fixed missed function rename 2018-04-11 12:34:57 +01:00
Paul Szczepanek 6c900642e5
Merge pull request #28 from paul-szczepanek-arm/signing-counter 
sign counter added
 2018-04-10 17:06:14 +01:00
paul-szczepanek-arm 55d3423a5e typedef uint32_t 2018-04-09 13:35:17 +01:00
Vincent Coubard f53a0e4906 Merge branch 'security-manager-dev' of https://github.com/paul-szczepanek-arm/mbed-os into sc-nordic 2018-04-09 09:09:01 +01:00
paul-szczepanek-arm 57149b69e4 monitor for signing events and set local counter 2018-04-04 19:24:00 +01:00
Vincent Coubard dcff810457 BLE: replace byte_array_t::buffer with byte_array_t::data 2018-04-04 17:20:08 +01:00
paul-szczepanek-arm 539a11ee31 sign counter added 2018-04-04 15:59:10 +01:00
paul-szczepanek-arm cbf80e9da5 typos, style and other review fixes 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm c1e2e07241 missing line from commit 
(github client fail)
 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 15c06acfe4 style fix 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm dfdfcfb25e style fix 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm e276478d58 only bother reacting to verification failures if we want to use signing 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm f5fee68f99 fixed naming for sig failure count 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 9283413c4c count failures, trigger reparing when verification fails 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 780d8a4375 let the stack know whether csrk is authenticated 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 511135f31c signing only for the slave, unless keys requested to be sent by master 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 8d966dbe8c invalid mic event 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 5ae9cc3b53 set peer csrk on pal 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 576796b289 reset OOB on use 2018-04-03 15:29:26 +01:00
paul-szczepanek-arm 0a494a0bbc all_zeros now free functions 2018-04-03 14:47:27 +01:00
paul-szczepanek-arm aa90f0df65 rely solely on random vlalue to know if already calculating 
simplify by setting a fake random value at the start so that first run is the same as subsequent runs
 2018-03-27 12:25:50 +01:00
paul-szczepanek-arm e1885486fa only generate oob if using oob 2018-03-26 18:00:05 +01:00
paul-szczepanek-arm d1b4713ae6 removed redundancy 2018-03-26 17:53:40 +01:00
paul-szczepanek-arm 02ba2848a8 avoid recalculating oob fi already calculating 2018-03-26 17:48:32 +01:00
Vincent Coubard db20ecbbde
Merge branch 'security-manager-dev' into oob-gen 2018-03-26 16:49:55 +01:00
paul-szczepanek-arm 98efb9da06 generate oob at will and without passing in connection handle 2018-03-23 18:31:27 +00:00
Vincent Coubard 0a710e5331 BLE: Initialize the pal in GenericSecurityManager 2018-03-23 12:06:08 +00:00
Paul Szczepanek d7595803d0
Merge pull request #23 from paul-szczepanek-arm/legacy-oob 
allow preloading legacy oob, generate tk
 2018-03-23 10:48:11 +00:00
paul-szczepanek-arm 6833c79fb3 don't request encrypt when pending 2018-03-22 17:54:13 +00:00
paul-szczepanek-arm 81cb1f9c83 enable encryption for slave request added 2018-03-22 17:11:15 +00:00
paul-szczepanek-arm 350924129f fix the attempt oob flag if we receive oob 2018-03-22 12:32:01 +00:00
paul-szczepanek-arm 2b2d9a2453 reset pending state when attempt ends, added comments 2018-03-22 12:23:37 +00:00
paul-szczepanek-arm c848c79a5b avoid code redundancy 2018-03-22 12:10:21 +00:00
paul-szczepanek-arm 909f9513cf allow preloading legacy oob, generate tk 2018-03-22 12:01:34 +00:00
paul-szczepanek-arm 66867d4dd3 oob stored in generic and handed over to pal when requested 2018-03-16 14:48:04 +00:00
paul-szczepanek-arm 1f8c5c1231 fixed typos 2018-03-09 14:22:28 +00:00
paul-szczepanek-arm b8ba99a184 handling OOB data generation and verification now pushed down to PAL level 2018-03-05 11:29:13 +00:00
Donatien Garnier a3383c139b Addressed Vincent's comments 2018-03-01 20:32:37 +00:00
paul-szczepanek-arm 68f25611d5 no need to ask for encryption after pairing, fold deref under the null check 2018-03-01 17:47:18 +00:00
paul-szczepanek-arm b89f9f2482 added callback on encryption request even if lower and restructured for clarity 2018-03-01 15:17:36 +00:00
Vincent Coubard e29ea95fc9 BLE: Return error when security deascalation is requested. 2018-03-01 14:44:18 +00:00