Merge pull request #13037 from paul-szczepanek-arm/ble-sm-fix

BLE: Fix privacy and signing handling in Security Manager

Author: 0xc0170

features/FEATURE_BLE/ble/SecurityManager.h

@@ -285,6 +285,22 @@ class SecurityManager {
             (void)result;
         }
 
+        /**
+         * Indicate that a peer address has been saved by the security manager or if we are
+         * bonded to the peer the identity has been retrieved from the database on connection.
+         *
+         * @param[in] connectionHandle Connection handle.
+         * @param[in] peer_address Peer address that has been saved by the security database, NULL it not found.
+         * @param[in] address_is_public Address type, true if public. Invalid if peer_address NULL.
+         */
+        virtual void peerIdentity(ble::connection_handle_t connectionHandle,
+                                  const address_t *peer_address,
+                                  bool address_is_public) {
+            (void)connectionHandle;
+            (void)peer_address;
+            (void)address_is_public;
+        }
+
         ////////////////////////////////////////////////////////////////////////////
         // Security
         //
@@ -561,6 +577,14 @@ class SecurityManager {
      */
     ble_error_t setPairingRequestAuthorisation(bool required = true);
 
+    /**
+     * Retrieve identity address for the peer on the given connection.
+     *
+     * @param[in] connectionHandle Handle to identify the connection.
+     * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
+     */
+    ble_error_t getPeerIdentity(ble::connection_handle_t connectionHandle);
+
     ////////////////////////////////////////////////////////////////////////////
     // Feature support
     //
@@ -899,6 +923,10 @@ class SecurityManager {
         ble::connection_handle_t connectionHandle
     );
 
+    ble_error_t getPeerIdentity_(
+        ble::connection_handle_t connectionHandle
+    );
+
     ble_error_t setPairingRequestAuthorisation_(
         bool required
     );

features/FEATURE_BLE/ble/generic/FileSecurityDb.h

@@ -34,8 +34,6 @@ class FileSecurityDb : public SecurityDb {
         size_t file_offset;
     };
 
-    static const size_t MAX_ENTRIES = 5;
-
     static entry_t* as_entry(entry_handle_t db_handle) {
         return reinterpret_cast<entry_t*>(db_handle);
     }
@@ -118,6 +116,21 @@ class FileSecurityDb : public SecurityDb {
         sign_count_t sign_counter
     );
 
+    /* local csrk and identity */
+
+    virtual void set_local_csrk(
+            const csrk_t &csrk
+    );
+
+    virtual void set_local_identity(
+            const irk_t &irk,
+            const address_t &identity_address,
+            bool public_address
+    );
+
+    /* I am not overriding set_local_sign_counter to avoid constant filesystem writes,
+     * instead this is synced by sync (which is called on disconnection) */
+
     /* saving and loading from nvm */
 
     virtual void restore();
@@ -146,7 +159,7 @@ class FileSecurityDb : public SecurityDb {
     static FILE* erase_db_file(FILE* db_file);
 
 private:
-    entry_t _entries[MAX_ENTRIES];
+    entry_t _entries[BLE_SECURITY_DATABASE_MAX_ENTRIES];
     FILE *_db_file;
     uint8_t _buffer[sizeof(SecurityEntryKeys_t)];
 };

features/FEATURE_BLE/ble/generic/GenericSecurityManager.h

@@ -124,6 +124,10 @@ class GenericSecurityManager :
         bool required = true
     );
 
+    ble_error_t getPeerIdentity_(
+        connection_handle_t connection
+    );
+
     ////////////////////////////////////////////////////////////////////////////
     // Feature support
     //
@@ -321,6 +325,13 @@ class GenericSecurityManager :
      */
     ble_error_t init_signing();
 
+    /**
+     * Generate the IRK if needed.
+     *
+     * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
+     */
+    ble_error_t init_identity();
+
     /**
      * Fills the buffer with the specified number of bytes of random data
      * produced by the link controller

features/FEATURE_BLE/ble/generic/MemorySecurityDb.h

@@ -34,8 +34,6 @@ class MemorySecurityDb : public SecurityDb {
         SecurityEntrySigning_t peer_signing;
     };
 
-    static const size_t MAX_ENTRIES = 5;
-
     static entry_t* as_entry(entry_handle_t db_handle)
     {
         return reinterpret_cast<entry_t*>(db_handle);
@@ -150,11 +148,11 @@ class MemorySecurityDb : public SecurityDb {
 
 private:
     virtual uint8_t get_entry_count() {
-        return MAX_ENTRIES;
+        return BLE_SECURITY_DATABASE_MAX_ENTRIES;
     }
 
     virtual SecurityDistributionFlags_t* get_entry_handle_by_index(uint8_t index) {
-        if (index < MAX_ENTRIES) {
+        if (index < BLE_SECURITY_DATABASE_MAX_ENTRIES) {
             return &_entries[index].flags;
         } else {
             return NULL;
@@ -187,7 +185,7 @@ class MemorySecurityDb : public SecurityDb {
     };
 
 private:
-    entry_t _entries[MAX_ENTRIES];
+    entry_t _entries[BLE_SECURITY_DATABASE_MAX_ENTRIES];
 };
 
 } /* namespace pal */

features/FEATURE_BLE/ble/generic/SecurityDb.h

@@ -425,6 +425,31 @@ class SecurityDb {
         _local_sign_counter = sign_counter;
     }
 
+    /* local identity */
+    /**
+     * Update the local identity.
+     *
+     * @param[in] csrk new CSRK value
+     */
+    virtual void set_local_identity(
+            const irk_t &irk,
+            const address_t &identity_address,
+            bool public_address
+    )  {
+        _local_identity.irk = irk;
+        _local_identity.identity_address = identity_address;
+        _local_identity.identity_address_is_public = public_address;
+    }
+
+    /**
+     * Return local irk.
+     *
+     * @return irk
+     */
+    virtual irk_t get_local_irk() {
+        return _local_identity.irk;
+    }
+
     /* list management */
 
     /**
@@ -592,6 +617,21 @@ class SecurityDb {
                 continue;
             }
 
+            // Add the connection address
+            whitelist->addresses[whitelist->size].address = flags->peer_address.data();
+
+            if (flags->peer_address_is_public) {
+                whitelist->addresses[whitelist->size].type = peer_address_type_t::PUBLIC;
+            } else {
+                whitelist->addresses[whitelist->size].type = peer_address_type_t::RANDOM;
+            }
+
+            whitelist->size++;
+            if (whitelist->size == whitelist->capacity) {
+                break;
+            }
+
+            // Add the identity address
             SecurityEntryIdentity_t* identity = read_in_entry_peer_identity(db_handle);
             if (!identity) {
                 continue;

features/FEATURE_BLE/ble/pal/PalSecurityManager.h

@@ -964,7 +964,23 @@ class SecurityManager : private mbed::NonCopyable<SecurityManager<Impl, EventHan
     ble_error_t set_private_address_timeout(
         uint16_t timeout_in_seconds
     ) {
-        return impl()->set_private_address_timeout(timeout_in_seconds);
+        return impl()->set_private_address_timeout_(timeout_in_seconds);
+    }
+
+    /**
+     * Retrieve the identity address used by the controller
+     *
+     * @param address Will contain the address retrieved.
+     * @param public_address will be true if the address is public and false
+     * otherwise.
+     * @return BLE_ERROR_NONE On success, else an error code indicating the reason
+     * of the failure
+     */
+    ble_error_t get_identity_address(
+        address_t& address,
+        bool& public_address
+    ) {
+        return impl()->get_identity_address_(address, public_address);
     }
 
     ////////////////////////////////////////////////////////////////////////////

features/FEATURE_BLE/mbed_lib.json

@@ -71,6 +71,11 @@
             "help": "Include periodic advertising support, depends on the extended advertising feature.",
             "value": true,
             "macro_name": "BLE_FEATURE_PERIODIC_ADVERTISING"
+        },
+        "ble-security-database-max-entries": {
+            "help": "How many entries can be stored in the db, depends on security manager.",
+            "value": 5,
+            "macro_name": "BLE_SECURITY_DATABASE_MAX_ENTRIES"
         }
     }
 }

features/FEATURE_BLE/source/generic/FileSecurityDb.cpp

@@ -54,7 +54,7 @@ const uint16_t DB_VERSION = 1;
     )
 
 #define DB_SIZE_STORES \
-    (FileSecurityDb::MAX_ENTRIES * DB_SIZE_STORE)
+    (BLE_SECURITY_DATABASE_MAX_ENTRIES * DB_SIZE_STORE)
 
 #define DB_OFFSET_VERSION          (0)
 #define DB_OFFSET_RESTORE          (DB_OFFSET_VERSION + sizeof(DB_VERSION))
@@ -265,6 +265,22 @@ void FileSecurityDb::set_entry_peer_sign_counter(
     }
 }
 
+void FileSecurityDb::set_local_csrk(
+    const csrk_t &csrk
+) {
+    this->SecurityDb::set_local_csrk(csrk);
+    db_write(&_local_csrk, DB_OFFSET_LOCAL_CSRK);
+}
+
+void FileSecurityDb::set_local_identity(
+    const irk_t &irk,
+    const address_t &identity_address,
+    bool public_address
+) {
+    this->SecurityDb::set_local_identity(irk, identity_address, public_address);
+    db_write(&_local_identity, DB_OFFSET_LOCAL_IDENTITY);
+}
+
 /* saving and loading from nvm */
 
 void FileSecurityDb::restore() {
@@ -299,6 +315,7 @@ void FileSecurityDb::sync(entry_handle_t db_handle) {
 
     db_write(&entry->peer_sign_counter, entry->file_offset + DB_STORE_OFFSET_PEER_SIGNING_COUNT);
     db_write(&entry->flags, entry->file_offset + DB_STORE_OFFSET_FLAGS);
+    db_write(&_local_sign_counter, DB_OFFSET_LOCAL_SIGN_COUNT);
 }
 
 void FileSecurityDb::set_restore(bool reload) {
@@ -308,11 +325,11 @@ void FileSecurityDb::set_restore(bool reload) {
 /* helper functions */
 
 uint8_t FileSecurityDb::get_entry_count() {
-    return MAX_ENTRIES;
+    return BLE_SECURITY_DATABASE_MAX_ENTRIES;
 }
 
 SecurityDistributionFlags_t* FileSecurityDb::get_entry_handle_by_index(uint8_t index) {
-    if (index < MAX_ENTRIES) {
+    if (index < BLE_SECURITY_DATABASE_MAX_ENTRIES) {
         return &_entries[index].flags;
     } else {
         return NULL;