
Commit c52d324

pass in information about the mitm and sc quality of the ltk to the pal
1 parent abcc5db commit c52d324


4 files changed

+33
-13
lines changed


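--- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
+++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h
@@ -766,13 +766,15 @@ class SecurityManager : private mbed::NonCopyable<SecurityManager> {
 * @param[in] ltk long term key from the peer
 * @param[in] ediv encryption diversifier from the peer
 * @param[in] rand random value from the peer
+* @param[in] mitm does the LTK have man in the middle protection
 * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
 */
 virtual ble_error_t enable_encryption(
 connection_handle_t connection,
 const ltk_t &ltk,
 const rand_t &rand,
-const ediv_t &ediv
+const ediv_t &ediv,
+bool mitm
 ) = 0;
 
 /**
@@ -781,11 +783,13 @@ class SecurityManager : private mbed::NonCopyable<SecurityManager> {
 *
 * @param[in] connection connection handle
 * @param[in] ltk long term key from the peer
+* @param[in] mitm does the LTK have man in the middle protection
 * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
 */
 virtual ble_error_t enable_encryption(
 connection_handle_t connection,
-const ltk_t &ltk
+const ltk_t &ltk,
+bool mitm
 ) = 0;
 
 virtual ble_error_t disable_encryption(
@@ -834,11 +838,15 @@ class SecurityManager : private mbed::NonCopyable<SecurityManager> {
 *
 * @param[in] connection connection handle
 * @param[in] ltk long term key
+* @param[in] mitm does the LTK have man in the middle protection
+* @param[in] secure_connections is this a secure_connections pairing
 * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
 */
 virtual ble_error_t set_ltk(
 connection_handle_t connection,
-const ltk_t &ltk
+const ltk_t &ltk,
+bool mitm,
+bool secure_connections
 ) = 0;
 
 /**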
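Review bot: `set_ltk` now takes two adjacent `bool` parameters, `mitm` and `secure_connections`, so a call that passes them in the wrong order compiles without a diagnostic and hands the PAL the wrong key quality. Since these flags describe how much the link can be trusted, a single small parameter type (a struct or flag set holding both properties) would make a transposition a compile error. The new `@param` lines are also phrased as questions; a statement such as `@param[in] mitm true if the LTK was generated with man-in-the-middle protection` reads as a contract, and it would help to say what an implementation is expected to do with the value. The class body starts and ends outside these hunks.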

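--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@@ -654,9 +654,9 @@ void GenericSecurityManager::enable_encryption_cb(
 
 if (cb && entryKeys) {
 if (cb->secure_connections_paired) {
-_pal.enable_encryption(cb->connection, entryKeys->ltk);
+_pal.enable_encryption(cb->connection, entryKeys->ltk, cb->ltk_mitm_protected);
 } else {
-_pal.enable_encryption(cb->connection, entryKeys->ltk, entryKeys->rand, entryKeys->ediv);
+_pal.enable_encryption(cb->connection, entryKeys->ltk, entryKeys->rand, entryKeys->ediv, cb->ltk_mitm_protected);
 }
 }
 }
@@ -669,7 +669,7 @@ void GenericSecurityManager::set_ltk_cb(
 
 if (cb) {
 if (entryKeys) {
-_pal.set_ltk(cb->connection, entryKeys->ltk);
+_pal.set_ltk(cb->connection, entryKeys->ltk, cb->ltk_mitm_protected, cb->secure_connections_paired);
 } else {
 _pal.set_ltk_not_found(cb->connection);
 }
@@ -1206,8 +1206,8 @@ void GenericSecurityManager::on_ltk_request(
 GenericSecurityManager::ControlBlock_t::ControlBlock_t() :
 pal::SecurityDistributionFlags_t(),
 connection(0),
-local_address(),
 db_entry(0),
+local_address(),
 connected(false),
 authenticated(false),
 is_master(false),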
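Review bot: In `enable_encryption_cb` and `set_ltk_cb` the key is read from `entryKeys` while its quality is read from `cb->ltk_mitm_protected` and `cb->secure_connections_paired`, so the key and the description of the key come from two different objects. The hunks do not show where the control block's flags are filled in; if they are not restored from the stored entry before these callbacks run for a bonded peer, the PAL would be told a default or stale quality for the key it is given. A comment at the first call such as `// cb flags must mirror the db entry that entryKeys was read from` would make the invariant explicit, or the flags could be taken from the same entry as the key. Both callbacks begin outside the hunks, so this may already be guaranteed by code not shown here.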

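--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/CordioPalSecurityManager.h
@@ -134,15 +134,17 @@ class CordioSecurityManager : public ::ble::pal::SecurityManager {
 connection_handle_t connection,
 const ltk_t &ltk,
 const rand_t &rand,
-const ediv_t &ediv
+const ediv_t &ediv,
+bool mitm
 );
 
 /**
 * @see ::ble::pal::SecurityManager::enable_encryption
 */
 virtual ble_error_t enable_encryption(
 connection_handle_t connection,
-const ltk_t &ltk
+const ltk_t &ltk,
+bool mitm
 );
 
 /**
@@ -188,7 +190,12 @@ class CordioSecurityManager : public ::ble::pal::SecurityManager {
 /**
 * @see ::ble::pal::SecurityManager::set_ltk
 */
-virtual ble_error_t set_ltk(connection_handle_t connection, const ltk_t &ltk);
+virtual ble_error_t set_ltk(
+connection_handle_t connection,
+const ltk_t &ltk,
+bool mitm,
+bool secure_connections
+);
 
 /**
 * @see ::ble::pal::SecurityManager::set_ltk_not_found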

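--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioPalSecurityManager.cpp
@@ -134,7 +134,8 @@ ble_error_t CordioSecurityManager::enable_encryption(
 connection_handle_t connection,
 const ltk_t &ltk,
 const rand_t &rand,
-const ediv_t &ediv
+const ediv_t &ediv,
+bool mitm
 ) {
 dmSecLtk_t sec_ltk;
 memcpy(sec_ltk.key, ltk.data(), ltk.size());
@@ -152,7 +153,8 @@ ble_error_t CordioSecurityManager::enable_encryption(
 
 ble_error_t CordioSecurityManager::enable_encryption(
 connection_handle_t connection,
-const ltk_t &ltk
+const ltk_t &ltk,
+bool mitm
 ) {
 dmSecLtk_t sec_ltk = { 0 };
 memcpy(sec_ltk.key, ltk.data(), ltk.size());
@@ -207,7 +209,10 @@ ble_error_t CordioSecurityManager::set_private_address_timeout(
 //
 
 ble_error_t CordioSecurityManager::set_ltk(
-connection_handle_t connection, const ltk_t& ltk
+connection_handle_t connection,
+const ltk_t& ltk,
+bool mitm,
+bool secure_connections
 ) {
 // FIXME: get access to the security level of a key
 DmSecLtkRsp(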
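Review bot: None of the visible lines in the three changed functions read the new `mitm` or `secure_connections` arguments, and the `// FIXME: get access to the security level of a key` above `DmSecLtkRsp(` in `set_ltk` is left in place. All three bodies continue past the hunks, so the flags may be consumed further down; if they are not, the security level handed to the Cordio stack still does not depend on the key's quality, and a link could be treated as authenticated when its key is not. Either derive the level from the two flags where the FIXME sits and delete the comment, or reword it to say what is still missing, e.g. `// FIXME: map mitm/secure_connections to the stack security level`.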
