pass in information about the mitm and sc quality of the ltk to the pal

paul-szczepanek-arm · paul-szczepanek-arm · commit c52d324dab71 · 2018-02-28T12:02:54.000Z
diff --git a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
@@ -766,13 +766,15 @@ class SecurityManager : private mbed::NonCopyable<SecurityManager> {
      * @param[in] ltk long term key from the peer
      * @param[in] ediv encryption diversifier from the peer
      * @param[in] rand random value from the peer
+     * @param[in] mitm does the LTK have man in the middle protection
      * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
      */
     virtual ble_error_t enable_encryption(
         connection_handle_t connection,
         const ltk_t &ltk,
         const rand_t &rand,
-        const ediv_t &ediv
+        const ediv_t &ediv,
+        bool mitm
     ) = 0;
 
     /**
@@ -781,11 +783,13 @@ class SecurityManager : private mbed::NonCopyable<SecurityManager> {
      *
      * @param[in] connection connection handle
      * @param[in] ltk long term key from the peer
+     * @param[in] mitm does the LTK have man in the middle protection
      * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
      */
     virtual ble_error_t enable_encryption(
         connection_handle_t connection,
-        const ltk_t &ltk
+        const ltk_t &ltk,
+        bool mitm
     ) = 0;
 
     virtual ble_error_t disable_encryption(
@@ -834,11 +838,15 @@ class SecurityManager : private mbed::NonCopyable<SecurityManager> {
      *
      * @param[in] connection connection handle
      * @param[in] ltk long term key
+     * @param[in] mitm does the LTK have man in the middle protection
+     * @param[in] secure_connections is this a secure_connections pairing
      * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
      */
     virtual ble_error_t set_ltk(
         connection_handle_t connection,
-        const ltk_t &ltk
+        const ltk_t &ltk,
+        bool mitm,
+        bool secure_connections
     ) = 0;
 
     /**
diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@@ -654,9 +654,9 @@ void GenericSecurityManager::enable_encryption_cb(
 
     if (cb && entryKeys) {
         if (cb->secure_connections_paired) {
-            _pal.enable_encryption(cb->connection, entryKeys->ltk);
+            _pal.enable_encryption(cb->connection, entryKeys->ltk, cb->ltk_mitm_protected);
         } else {
-            _pal.enable_encryption(cb->connection, entryKeys->ltk, entryKeys->rand, entryKeys->ediv);
+            _pal.enable_encryption(cb->connection, entryKeys->ltk, entryKeys->rand, entryKeys->ediv, cb->ltk_mitm_protected);
         }
     }
 }
@@ -669,7 +669,7 @@ void GenericSecurityManager::set_ltk_cb(
 
     if (cb) {
         if (entryKeys) {
-            _pal.set_ltk(cb->connection, entryKeys->ltk);
+            _pal.set_ltk(cb->connection, entryKeys->ltk, cb->ltk_mitm_protected, cb->secure_connections_paired);
         } else {
             _pal.set_ltk_not_found(cb->connection);
         }
@@ -1206,8 +1206,8 @@ void GenericSecurityManager::on_ltk_request(
 GenericSecurityManager::ControlBlock_t::ControlBlock_t() :
     pal::SecurityDistributionFlags_t(),
     connection(0),
-    local_address(),
     db_entry(0),
+    local_address(),
     connected(false),
     authenticated(false),
     is_master(false),
diff --git a/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h b/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
@@ -134,15 +134,17 @@ class CordioSecurityManager : public ::ble::pal::SecurityManager {
         connection_handle_t connection,
         const ltk_t &ltk,
         const rand_t &rand,
-        const ediv_t &ediv
+        const ediv_t &ediv,
+        bool mitm
     );
 
     /**
      * @see ::ble::pal::SecurityManager::enable_encryption
      */
     virtual ble_error_t enable_encryption(
         connection_handle_t connection,
-        const ltk_t &ltk
+        const ltk_t &ltk,
+        bool mitm
     );
 
     /**
@@ -188,7 +190,12 @@ class CordioSecurityManager : public ::ble::pal::SecurityManager {
     /**
      * @see ::ble::pal::SecurityManager::set_ltk
      */
-    virtual ble_error_t set_ltk(connection_handle_t connection, const ltk_t &ltk);
+    virtual ble_error_t set_ltk(
+        connection_handle_t connection,
+        const ltk_t &ltk,
+        bool mitm,
+        bool secure_connections
+    );
 
     /**
      * @see ::ble::pal::SecurityManager::set_ltk_not_found
diff --git a/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp b/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
@@ -134,7 +134,8 @@ ble_error_t CordioSecurityManager::enable_encryption(
     connection_handle_t connection,
     const ltk_t &ltk,
     const rand_t &rand,
-    const ediv_t &ediv
+    const ediv_t &ediv,
+    bool mitm
 ) {
     dmSecLtk_t sec_ltk;
     memcpy(sec_ltk.key, ltk.data(), ltk.size());
@@ -152,7 +153,8 @@ ble_error_t CordioSecurityManager::enable_encryption(
 
 ble_error_t CordioSecurityManager::enable_encryption(
     connection_handle_t connection,
-    const ltk_t &ltk
+    const ltk_t &ltk,
+    bool mitm
 ) {
     dmSecLtk_t sec_ltk = { 0 };
     memcpy(sec_ltk.key, ltk.data(), ltk.size());
@@ -207,7 +209,10 @@ ble_error_t CordioSecurityManager::set_private_address_timeout(
 //
 
 ble_error_t CordioSecurityManager::set_ltk(
-    connection_handle_t connection, const ltk_t& ltk
+    connection_handle_t connection,
+    const ltk_t& ltk,
+    bool mitm,
+    bool secure_connections
 ) {
     // FIXME: get access to the security level of a key
     DmSecLtkRsp(
