[GitHub] [mynewt-nimble] sjanc commented on a diff in pull request #1396: nimble/host: Add host callback to provide security keys

Tue, 11 Oct 2022 07:24:11 -0700 


sjanc commented on code in PR #1396:
URL: https://github.com/apache/mynewt-nimble/pull/1396#discussion_r992396802


##########
nimble/host/include/host/ble_store.h:
##########
@@ -178,6 +178,36 @@ struct ble_store_status_event {
     };
 };
 
+/* blestore.ltk_periph, ediv and rand are valid */
+#define BLE_STORE_KEYS_MASK_LTK     0x01
+/* ble_store_keys.irk is valid */
+#define BLE_STORE_KEYS_MASK_IRK     0x02
+/* ble_store_keys.csrk is valid */
+#define BLE_STORE_KEYS_MASK_CSRK    0x04
+
+struct ble_store_keys {
+    uint8_t ltk_periph[16];
+    uint16_t ediv;
+    uint64_t rand;
+    uint8_t irk[16];
+    uint8_t csrk[16];
+};
+
+/**
+ * Generates keys required by security module.
+ * This can be used to use custom routines to generate keys instead of simply
+ * randomizing them.
+ *
+ * @param keys_mask             Keys that shall be generated.
+ * @param keys                  Storage for generated keys. Only keys indicated
+ *                              by keys mask should be updated.
+ *
+ * @return                      0 if keys were generated successfully
+ *                              Other nonzero on error.
+ */
+typedef int ble_store_gen_keys_fn(uint8_t keys_mask,

Review Comment:
   key instead of keys_mask, since we always ask for single key



##########
nimble/host/include/host/ble_store.h:
##########
@@ -178,6 +178,36 @@ struct ble_store_status_event {
     };
 };
 
+/* blestore.ltk_periph, ediv and rand are valid */
+#define BLE_STORE_KEYS_MASK_LTK     0x01
+/* ble_store_keys.irk is valid */
+#define BLE_STORE_KEYS_MASK_IRK     0x02
+/* ble_store_keys.csrk is valid */
+#define BLE_STORE_KEYS_MASK_CSRK    0x04
+
+struct ble_store_keys {
+    uint8_t ltk_periph[16];

Review Comment:
   make this union



##########
nimble/host/src/ble_hs_startup.c:
##########
@@ -372,7 +373,18 @@ ble_hs_startup_go(void)
         return rc;
     }
 
-    ble_hs_pvcy_set_our_irk(NULL);
+    if (ble_hs_cfg.store_gen_keys_cb) {
+        rc = ble_hs_cfg.store_gen_keys_cb(BLE_STORE_KEYS_MASK_IRK, &keys);

Review Comment:
   maybe memset keys before calling callback



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@mynewt.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to