Commit Graph

304 Commits (c39448fa97c2bc397341fbd12a0a5fd815e6f1c1)

Author SHA1 Message Date
paul-szczepanek-arm 579cb5e222 avoid setting flags twice 2018-05-14 10:26:44 +01:00
paul-szczepanek-arm f4f3a3c697 store ltk and csrk but not irk sent status
and missing asserts
2018-05-14 09:52:49 +01:00
paul-szczepanek-arm 8f90875cd6 reset entry now remove old keys 2018-05-13 23:49:27 +01:00
paul-szczepanek-arm 23c6a69d66 key dist flags only in db now and not in control block of sec manager 2018-05-13 23:26:34 +01:00
Donatien Garnier 69e35c49c8 Handle resolution policy for peripheral in GenericGap 2018-05-13 23:25:52 +01:00
paul-szczepanek-arm ab117737fa write back counter, sync entry by hand;e 2018-05-13 22:55:47 +01:00
Donatien Garnier 21471bb3c9 and make sure it compiles and that policy is only applied if privacy is enabled :) 2018-05-13 22:42:11 +01:00
Donatien Garnier 926efa4018 Filter out advertising reports for unresolved addresses if required 2018-05-13 22:37:59 +01:00
Donatien Garnier 6a2ffaeac0 Update own address type generation in GenericGap 2018-05-13 22:16:08 +01:00
Donatien Garnier 620ebc3f9a Some fixes in GenericGap 2018-05-13 20:38:29 +01:00
Donatien Garnier 4c5e2a8094 Added method to update resolution settings in GenericGap 2018-05-13 19:14:56 +01:00
Donatien Garnier 7b4a813aca Added stubs in GenericGap for privacy configuration methods 2018-05-13 18:52:54 +01:00
Donatien Garnier e9ad148db0 Added privacy-related methods overrides in GenericGap 2018-05-13 17:57:27 +01:00
paul-szczepanek-arm 3af4d0b50f get identity list function argument needs to have its own memory allocated 2018-05-11 19:52:12 +01:00
paul-szczepanek-arm a63f38e767 moved logic to security db and left storage in memory and file dbs
db created at init now
2018-05-11 19:41:33 +01:00
Vincent Coubard 40a403e99b Merge branch 'security-manager-dev' of https://github.com/paul-szczepanek-arm/mbed-os into fix-encryption-rejection 2018-05-10 12:05:36 +01:00
paul-szczepanek-arm 473482d204 move securitydb into generic 2018-05-10 11:08:31 +01:00
Paul Szczepanek 2b02148ab6
Merge branch 'master' into security-manager-dev 2018-05-09 11:23:28 +01:00
Paul Szczepanek 9a0a0865a6
Merge branch 'security-manager-dev' into sm-privacy-nordic 2018-05-08 18:01:41 +01:00
Vincent Coubard fd5903c22d GenericGattClient: Fix discovery termination.
The procedure should be terminated whenever the server returns an error not equal
to ATTRIBUTE_NOT_FOUND. The block was effectivelly terminated but the
procedure was not. As a result the discovery was operating on already
freed memory.
2018-05-04 11:30:58 +01:00
Vincent Coubard 4e5639f5ca BLE: Support encryption with secure connection key. 2018-05-02 17:51:48 +01:00
Vincent Coubard 55eb7033b2 Generic Security Manager: Set csrk to stored when the peer csrk has been received. 2018-05-01 11:54:25 +01:00
Vincent Coubard 41a3442474 Generic Security Manager: Set ltk to stored when the peer ltk has been recveived. 2018-05-01 11:54:03 +01:00
Vincent Coubard f90eacfd27 Generic Security Manager: remove peer csrk at disconnection 2018-05-01 11:53:18 +01:00
Vincent Coubard 1ac95e105b ble - Generic Security Manager: set signing unconditionnal to role reversal.
A peripheral can act as a GATT client whether it is in the peripheral role or the central role therefore it doesn't make sense to enable signing only if roles will be reversed latter.
2018-05-01 11:50:59 +01:00
Vincent Coubard 9880db7543 Generic Security Manager: Improve formating 2018-05-01 11:48:22 +01:00
Vincent Coubard 2e3c7e8ab7 Generic Security Manager: Set LinkKey to false unconditionally.
This key distribution flags is for dual mode devices; mbed does not support BR/EDR.
2018-05-01 11:45:24 +01:00
Vincent Coubard e39bb4b92c BLE - GenericGattClient: Exploit ENCRYPTED_WITH_SC_AND_MITM encryption.
IF link is encrypted, authenticated or authenticated with lesc then signed write must be transformed into regular write commands.
2018-05-01 11:38:30 +01:00
Vincent Coubard b0d5ba33bb BLE: return an error when application tries to turn down encryption. 2018-04-20 15:49:14 +01:00
paul-szczepanek-arm d1f3e4fd27 don't require master sends keys for signing key 2018-04-20 09:33:54 +01:00
Vincent Coubard 169e579de7 BLE: Handle new addresses type in GenericGap. 2018-04-17 17:05:41 +01:00
Vincent Coubard 951a6be4c8 BLE: retrieve and fill resolving list at GenericSecurityManager startup. 2018-04-17 15:58:21 +01:00
Vincent Coubard 77b1903634 BLE: Add bonded device to resolving list at the end of bonding. 2018-04-17 14:16:35 +01:00
Vincent Coubard dfbf383614 BLE: Fix const correctness of ::Gap::getRandomAddressType 2018-04-17 14:03:57 +01:00
Vincent Coubard a7f2384e10 BLE: Add default privacy configuration 2018-04-16 18:18:04 +01:00
paul-szczepanek-arm 6b67a6d0a6 missing deref after signature change 2018-04-16 15:06:37 +01:00
Paul Szczepanek d8f5100822
Merge pull request #30 from pan-/sm-privacy
BLE: Add Gap privacy interfaces.
2018-04-12 14:59:27 +01:00
Vincent Coubard 90c85955ad BLE: Fix GAP privacy related signatures. 2018-04-12 11:04:44 +01:00
Vincent Coubard 1f02913a2c BLE: Add Gap privacy interfaces.
This commit adds API to enable and configure the device privacy.
It deprecates address random types present in Gap::AddressType as these types are not appropriate for scan reports, connection initiation and the connection event. Now user should use the function Gap::getRandomAddressType to find the type of a random address.
The function gap::setAddress is deprecated as it is not portable and can colide with privacy.
2018-04-11 14:18:42 +01:00
paul-szczepanek-arm 1e6455da0b check encryption before signing 2018-04-11 13:37:04 +01:00
paul-szczepanek-arm 3aaedf6f48 fixed missed function rename 2018-04-11 12:34:57 +01:00
Paul Szczepanek 6c900642e5
Merge pull request #28 from paul-szczepanek-arm/signing-counter
sign counter added
2018-04-10 17:06:14 +01:00
paul-szczepanek-arm 55d3423a5e typedef uint32_t 2018-04-09 13:35:17 +01:00
Vincent Coubard f53a0e4906 Merge branch 'security-manager-dev' of https://github.com/paul-szczepanek-arm/mbed-os into sc-nordic 2018-04-09 09:09:01 +01:00
paul-szczepanek-arm 57149b69e4 monitor for signing events and set local counter 2018-04-04 19:24:00 +01:00
Vincent Coubard dcff810457 BLE: replace byte_array_t::buffer with byte_array_t::data 2018-04-04 17:20:08 +01:00
paul-szczepanek-arm 539a11ee31 sign counter added 2018-04-04 15:59:10 +01:00
paul-szczepanek-arm cbf80e9da5 typos, style and other review fixes 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm c1e2e07241 missing line from commit
(github client fail)
2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 15c06acfe4 style fix 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm dfdfcfb25e style fix 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm e276478d58 only bother reacting to verification failures if we want to use signing 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm f5fee68f99 fixed naming for sig failure count 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 9283413c4c count failures, trigger reparing when verification fails 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 780d8a4375 let the stack know whether csrk is authenticated 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 511135f31c signing only for the slave, unless keys requested to be sent by master 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 8d966dbe8c invalid mic event 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 5ae9cc3b53 set peer csrk on pal 2018-04-03 15:41:43 +01:00
paul-szczepanek-arm 576796b289 reset OOB on use 2018-04-03 15:29:26 +01:00
paul-szczepanek-arm 0a494a0bbc all_zeros now free functions 2018-04-03 14:47:27 +01:00
paul-szczepanek-arm aa90f0df65 rely solely on random vlalue to know if already calculating
simplify by setting a fake random value at the start so that first run is the same as subsequent runs
2018-03-27 12:25:50 +01:00
paul-szczepanek-arm e1885486fa only generate oob if using oob 2018-03-26 18:00:05 +01:00
paul-szczepanek-arm d1b4713ae6 removed redundancy 2018-03-26 17:53:40 +01:00
paul-szczepanek-arm 02ba2848a8 avoid recalculating oob fi already calculating 2018-03-26 17:48:32 +01:00
Vincent Coubard db20ecbbde
Merge branch 'security-manager-dev' into oob-gen 2018-03-26 16:49:55 +01:00
paul-szczepanek-arm 98efb9da06 generate oob at will and without passing in connection handle 2018-03-23 18:31:27 +00:00
Vincent Coubard 0a710e5331 BLE: Initialize the pal in GenericSecurityManager 2018-03-23 12:06:08 +00:00
Paul Szczepanek d7595803d0
Merge pull request #23 from paul-szczepanek-arm/legacy-oob
allow preloading legacy oob, generate tk
2018-03-23 10:48:11 +00:00
paul-szczepanek-arm 6833c79fb3 don't request encrypt when pending 2018-03-22 17:54:13 +00:00
paul-szczepanek-arm 81cb1f9c83 enable encryption for slave request added 2018-03-22 17:11:15 +00:00
paul-szczepanek-arm 350924129f fix the attempt oob flag if we receive oob 2018-03-22 12:32:01 +00:00
paul-szczepanek-arm 2b2d9a2453 reset pending state when attempt ends, added comments 2018-03-22 12:23:37 +00:00
paul-szczepanek-arm c848c79a5b avoid code redundancy 2018-03-22 12:10:21 +00:00
paul-szczepanek-arm 909f9513cf allow preloading legacy oob, generate tk 2018-03-22 12:01:34 +00:00
paul-szczepanek-arm 66867d4dd3 oob stored in generic and handed over to pal when requested 2018-03-16 14:48:04 +00:00
paul-szczepanek-arm 1f8c5c1231 fixed typos 2018-03-09 14:22:28 +00:00
paul-szczepanek-arm b8ba99a184 handling OOB data generation and verification now pushed down to PAL level 2018-03-05 11:29:13 +00:00
Donatien Garnier a3383c139b Addressed Vincent's comments 2018-03-01 20:32:37 +00:00
paul-szczepanek-arm 68f25611d5 no need to ask for encryption after pairing, fold deref under the null check 2018-03-01 17:47:18 +00:00
paul-szczepanek-arm b89f9f2482 added callback on encryption request even if lower and restructured for clarity 2018-03-01 15:17:36 +00:00
Vincent Coubard e29ea95fc9 BLE: Return error when security deascalation is requested. 2018-03-01 14:44:18 +00:00
paul-szczepanek-arm 7e2f5ee008 fix not setting the mitm performed state correctly 2018-03-01 14:25:22 +00:00
paul-szczepanek-arm bc11834125 fix not setting encryption state in generic 2018-03-01 13:59:19 +00:00
paul-szczepanek-arm d5b8439bae removed redundant check
we already checked the current encryption and it is encrypted
2018-03-01 13:03:49 +00:00
paul-szczepanek-arm 179ad1626f Merge branch 'master' of https://github.com/paul-szczepanek-arm/mbed-os 2018-03-01 12:56:33 +00:00
paul-szczepanek-arm cebc0f8fd7 create encryption result event even when nothing changes 2018-03-01 12:56:29 +00:00
Vincent Coubard 766b8765ad BLE: Accept pairing request when the user authorization is not required. 2018-03-01 10:21:35 +00:00
paul-szczepanek-arm f9a79bed15 fixed initiator distribution bug and setting LINK distribution field based on SC 2018-02-28 17:43:54 +00:00
paul-szczepanek-arm c52d324dab pass in information about the mitm and sc quality of the ltk to the pal 2018-02-28 12:02:54 +00:00
paul-szczepanek-arm abcc5db44b fix setting default values which were overriding even when unset 2018-02-28 10:00:58 +00:00
paul-szczepanek-arm 975544f274 link key distribution decision made in generic security manager 2018-02-27 23:26:34 +00:00
paul-szczepanek-arm e186985b26 addressing PR review: added documentation, moved code and renamed vars 2018-02-27 17:22:13 +00:00
paul-szczepanek-arm 536f541b93 mic event no longer present in user api, removing call 2018-02-27 12:13:48 +00:00
paul-szczepanek-arm 4010bade89 reanmed type as per review request 2018-02-27 11:43:46 +00:00
paul-szczepanek-arm 5de1979f5c types renamed as per review requests 2018-02-27 10:33:35 +00:00
paul-szczepanek-arm b0c7d729fc variable name updated in the undefed cmac blocks 2018-02-27 10:00:07 +00:00
Vincent Coubard b939721421 BLE: Ensure passkey is not null before integer conversion 2018-02-27 09:00:26 +00:00
Vincent Coubard 11a809ee1c BLE: remove MorySecurityDb include from generic security manager. 2018-02-23 11:19:21 +00:00
Vincent Coubard 1ded0d7198 BLE: Split security manager control block from the secure DB. 2018-02-23 11:15:08 +00:00
paul-szczepanek-arm 1da5d74470 temporary key encryption mitm quality reflected 2018-02-22 11:50:11 +00:00