Depending on BR/EDR and SMP support only subset of keys functionality
is needed. This fix compilation if SMP is disabled and BR/EDR is
enabled.
Change-Id: Icf4b5ad1a214e514e03c4c9a359d151e69cab2ab
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Reorganizes mostly by using preprocessor (indirectly Kconfig options)
strictly LE-SMP related interfaces and security interfaces shared
between LE and BREDR connections.
Change-Id: I90daa36d72403cd5b73e6791714fcaf7f1fbe8e5
Signed-off-by: Arkadiusz Lichwa <arkadiusz.lichwa@tieto.com>
This add following handling of LE SC debug keys:
- if debug keys are disabled locally generated public/private keys
is checked to not match debug keys by accident
- if debug keys are enabled those are used as local public/private
keys pair allowing sniffing of encrypted air traffic
- tracking of remote device using debug keys
- debug keys are discarded after disconnection regardless of bonding
flag being set or not
- due to HCI interface limitation debug keys are not supported for
HCI based ECDH and compilation error will be rised for such
configuration
Change-Id: Ie147b1893c4a6b9542b4d2c261973a7acbd8de96
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Instead of manually creating bit shifts for individual bits use the
BIT() macro that exists for this purpose.
Change-Id: I599ecc16b3a2cffe8a355e19816c405e51937e91
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Keys storage is present also for non bonded devices. Add helper
that checks for actual keys being present in storage that may be
used inline.
Change-Id: Icfc758e3ac89e88ca48948e5193878cf5689611a
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Updates connection object keys using generated link key and mark the
key as legacy after successful pairing initiated by remote.
Change-Id: Idcd02ea12c45f6f19f6675a2d6161a8349dde170
Signed-off-by: Arkadiusz Lichwa <arkadiusz.lichwa@tieto.com>
Updates keys interfaces allowing to store and locate legacy link key
in keys database.
Change-Id: Ibd50edff890e998e3c6f80ee7f1442dff7a7c91f
Signed-off-by: Arkadiusz Lichwa <arkadiusz.lichwa@tieto.com>
Converts bt_keys type to atomic_t flags to enable consistent and
compact key type management.
Change-Id: Ie384168da6d5d0d1b305a33988ce7689ba3a4c6a
Signed-off-by: Arkadiusz Lichwa <arkadiusz.lichwa@tieto.com>
This patch introduce new Kconfig option that is used to indicate if
device should operate in Secure Connection Only Mode. Enabling this
option removes support for LE Legacy Pairing.
Change-Id: If224b6786f4c840959fe87a31f0224bc1e21f90e
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This allows to store LE SC keys. Since LE SC and legacy
pairing are mutually exlusive there is no need for additional
storage space as keys.ltk can be used for it.
Change-Id: I784e670684e9047b4b90b8cb8505d9b581c47b50
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This allows to pair with devices that use reduced encryption key size.
Encryption key size is stored with keys for future use. LTKs are kept
in full form (16 bytes) and are reduced only when used.
As master:
< ACL Data TX: Handle 64 flags 0x00 dlen 11
SMP: Pairing Request (0x01) len 6
IO capability: NoInputNoOutput (0x03)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, No MITM, Legacy,
No Keypresses (0x01)
Max encryption key size: 16
Initiator key distribution: EncKey Sign (0x05)
Responder key distribution: EncKey IdKey Sign (0x07)
> ACL Data RX: Handle 64 flags 0x02 dlen 11
SMP: Pairing Response (0x02) len 6
IO capability: KeyboardDisplay (0x04)
OOB data: Authentication data not present (0x00)
Authentication requirement: No bonding, No MITM, Legacy,
No Keypresses (0x00)
Max encryption key size: 7
Initiator key distribution: <none> (0x00)
Responder key distribution: <none> (0x00)
...
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28
Handle: 64
Random number: 0x0000000000000000
Encrypted diversifier: 0x0000
Long term key: df3cff52a981d6000000000000000000
As slave:
> ACL Data RX: Handle 64 flags 0x02 dlen 11
SMP: Pairing Request (0x01) len 6
IO capability: KeyboardDisplay (0x04)
OOB data: Authentication data not present (0x00)
Authentication requirement: No bonding, No MITM, Legacy,
No Keypresses (0x00)
Max encryption key size: 7
Initiator key distribution: <none> (0x00)
Responder key distribution: <none> (0x00)
< ACL Data TX: Handle 64 flags 0x00 dlen 11
SMP: Pairing Response (0x02) len 6
IO capability: NoInputNoOutput (0x03)
OOB data: Authentication data not present (0x00)
Authentication requirement: No bonding, No MITM, Legacy,
No Keypresses (0x00)
Max encryption key size: 16
Initiator key distribution: <none> (0x00)
Responder key distribution: <none> (0x00)
...
> HCI Event: LE Meta Event (0x3e) plen 13
LE Long Term Key Request (0x05)
Handle: 64
Random number: 0x0000000000000000
Encrypted diversifier: 0x0000
< HCI Command: LE Long Term Key Request Reply (0x08|0x001a) plen 18
Handle: 64
Long term key: 701b431a9e17bb000000000000000000
Change-Id: Ibc70aa01c040aff0d39410d273d6880d35aa5ae0
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Change all the Intel and Wind River code license from BSD-3 to Apache 2.
Change-Id: Id8be2c1c161a06ea8a0b9f38e17660e11dbb384b
Signed-off-by: Javier B Perez Hernandez <javier.b.perez.hernandez@linux.intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
There is no need to define keys types if SMP is disabled.
Change-Id: If6b653906df4623f440b258afd574722498109d0
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This allows to not compile SMP support for devices that don't
require pairing. It is required to support SMP channel and reply
with error for any command received even if pairing is not supported.
To handle this cleanly a null smp implementation is used that case.
Change-Id: I656a52dac882839db904eee65f25a4e29ea2d8c2
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This allows to not compile data signing support if it is not
required. Reduces image size of peripheral sample app from
45772 to 44436 bytes.
Change-Id: I2cd3515973d1a70f478cbd68426ec84fd1645d19
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Keys from same pairing have are of similar key type and
this can be stored in single place.
Change-Id: I38426c282604769424098af6ee26e0cf9cb5f358
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
There is no need for separate lists of each key type as this
lookup optimization is of little benefit. Removing those results in
much simpler and smaller code. Using array over list also improves
data locality and thus cache utilization.
This patch results in following code size reduction:
keys.o from 14208 to 10028 bytes
microkernel.elf from 599417 to 597091 bytes
Change-Id: Ia8fe21ca3d79f668d8550c4376fa403e8778861e
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This allows to store information if key was generated during
authenticated or unauthenticated pairing.
Change-Id: Idd398749c869e6278bf10909cfb768ba09565d54
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
bt_keys_find_addr lookup for any keys for the given address thus it can
be used to check if bonding procedure has been perfomed.
Change-Id: Ia398866418a908e35c8cd70e19b2bb2aa0a0be96
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Add local and remote Connection Signature Resolving Keys and helper
functions.
Change-Id: I63af2e566dccc6ffb5397d28bde6f04bc78b93b1
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
When we already have bt_keys object and want to ensure that it
contains a certain key type it's wasteful to have to go and call
bt_keys_get_type() (because of the extra lookup it'll do).
Change-Id: I97831e6817e734d7e8b6aa18c7917736577f3438
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This allows to store LTK used in further connections encryption
when acting as a master.
Change-Id: I5711d7a9ec5f36add66fbf07e546ebd64ecb3c8b
Signed-off-by: Szymon Janc <szymon.janc@tieto.com>
Add an API to bt_keys for looking up IRKs based on a given RPA.
Change-Id: If9c0569c8d619f9cb2b6174d77c25dd5358db863
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add support to store IRKs through the bt_keys API.
Change-Id: I01f713f8ad3657605a8bc2738db349d25bb89649
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
We'll need to store many other keys besides slave LTKs. Refactor the
key handling code so that new types can be easily added.
Change-Id: I768db9cb29e8e73e87713e59f7b80af80399f20d
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
In preparation of adding more key support and to not bloat hci_core.c
prepare a new .c file for the key management code.
Change-Id: I5129a7a3a5d495a299f75e4e669253446a276142
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
