BLE: Security Manager #6188
BLE: Security Manager #6188
Conversation
…/mbed into palsm-cordio-implementation
Palsm cordio and Nordic implementation
…d, moved passkey classes to pal
| * | ||
| * @param[in] connectionHandle connection connectionHandle | ||
| */ | ||
| virtual void confirmationRequest(ble::connection_handle_t connectionHandle) { |
There was a problem hiding this comment.
What are you supposed to confirm ? I believe this should take the value to confirm in parameter.
There was a problem hiding this comment.
those comments are bad, will clarify, this is confirmation that passkeys match
There was a problem hiding this comment.
How do you push the confirmation value to the user ? According to the specification:
If both devices have output capabilities, this step requires the displaying of a
user confirmation value. This value should be displayed until the end of step 2.
If one or both devices do not have output capabilities, the same protocol is
used but the Hosts will skip the step asking for the user confirmation.
User confirmation is required in Numeric Comparison; not Passkey entry.
There was a problem hiding this comment.
you use displayPasskey on both (supplying the number to display) and then request confirmation on one or both and application calls confirmationEntered
There was a problem hiding this comment.
added diagram to overview doc and comments in doxygen
| } | ||
|
|
||
| // set the distribution flags in the db | ||
| _db.set_distribution_flags(cb->db_entry, *cb); |
There was a problem hiding this comment.
deref of cb outside the cb check
| ControlBlock_t *cb = get_control_block(connection); | ||
| if (cb) { | ||
| if (cb->encryption_requested) { | ||
| enable_encryption(connection); |
There was a problem hiding this comment.
not needed as already encrypted
|
Heads up @paul-szczepanek-arm, there's now a conflicting file in master. |
| @@ -14,16 +14,150 @@ | |||
| * limitations under the License. | |||
| */ | |||
|
|
|||
| #ifndef __SECURITY_MANAGER_H__ | |||
| #define __SECURITY_MANAGER_H__ | |||
| #ifndef _SECURITY_MANAGER_H_ | |||
There was a problem hiding this comment.
Identifier starting with an underscore and an uppercase letter are reserved :(.
| * | ||
| * | ||
| * Sequence diagram "Just Works" pairing | ||
| * |
There was a problem hiding this comment.
It might be interesting to surround diagrams with verbatim and endverbatim tags: https://www.stack.nl/~dimitri/doxygen/manual/commands.html#cmdverbatim
| * it. If either side doesn't support it Legacy Pairing will be used. This is an older standard of pairing. | ||
| * If higher security is required legacy pairing can be disabled by calling allowLegacyPairing(false); | ||
| * | ||
| * How to use |
There was a problem hiding this comment.
It maybe interresting to use the tag par: https://www.stack.nl/~dimitri/doxygen/manual/commands.html#cmdpar
There was a problem hiding this comment.
added paragraphs
| * @param[in] whitelist pointer to the whitelist filled with entries based on bonding information | ||
| */ | ||
| virtual void whitelistFromBondTable(Gap::Whitelist_t* whitelist) { | ||
| if (whitelist) { |
| namespace ble { | ||
| namespace generic { | ||
|
|
||
| using pal::advertising_peer_address_type_t; |
There was a problem hiding this comment.
using directives shouldn't be used in headers.
| * Implemented by classes that are reacting to connection changes. | ||
| * @see ConnectionEventMonitor | ||
| */ | ||
| class ConnectionEventHandler { |
There was a problem hiding this comment.
This should be an inner class of ConnectionEventMonitor.
| * limitations under the License. | ||
| */ | ||
|
|
||
| #ifndef _PAL_MEMORY_SECURITY_DB_H_ |
There was a problem hiding this comment.
The leading underscore should be removed.
| @@ -0,0 +1,72 @@ | |||
| /* mbed Microcontroller Library | |||
There was a problem hiding this comment.
No idea how it gets here. This file should be removed.
|
Woo! Let's kick off CI for this PR! /morph build |
Build : SUCCESSBuild number : 1318 Triggering tests/morph test |
Exporter Build : FAILUREBuild number : 978 |
|
A single Windows VM had issues pulling sources to export. Restarting the build. /morph export-build |
Exporter Build : SUCCESSBuild number : 979 |
Test : SUCCESSBuild number : 1103 |
Description
The existing Security Manager is very limited. This extends the API and actually implements the functionality. So far this only works for hardware using the Cordio stack and will require porting from maintainers of other devices.
This pull request includes legacy pairing and link security. Secure Connections are included but not tested due to lack of hardware targets supporting it.
Tested on the cordio stack port for the ST nucleo and discovery using the new Security Manager example (ARMmbed/mbed-os-example-ble#136).
(Handbook: ARMmbed/mbed-os-5-docs#418)
Pull request type