2018-01-29 17:57:00 +00:00
|
|
|
/* mbed Microcontroller Library
|
|
|
|
|
* Copyright (c) 2018 ARM Limited
|
|
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
2018-02-27 17:25:57 +00:00
|
|
|
#ifndef _GENERIC_SECURITY_MANAGER_H_
|
|
|
|
|
#define _GENERIC_SECURITY_MANAGER_H_
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
#include "ble/pal/GapTypes.h"
|
|
|
|
|
#include "ble/BLETypes.h"
|
2018-02-19 14:43:56 +00:00
|
|
|
#include "ble/pal/SecurityDb.h"
|
2018-02-19 13:46:46 +00:00
|
|
|
#include "platform/Callback.h"
|
2018-02-19 17:46:41 +00:00
|
|
|
#include "ble/pal/ConnectionEventMonitor.h"
|
2018-02-19 15:32:07 +00:00
|
|
|
#include "ble/generic/GenericGap.h"
|
2018-02-13 11:01:30 +00:00
|
|
|
#include "ble/pal/PalSecurityManager.h"
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
namespace ble {
|
|
|
|
|
namespace generic {
|
|
|
|
|
|
|
|
|
|
typedef SecurityManager::SecurityIOCapabilities_t SecurityIOCapabilities_t;
|
|
|
|
|
|
|
|
|
|
class GenericSecurityManager : public SecurityManager,
|
2018-02-27 17:22:13 +00:00
|
|
|
public pal::SecurityManager::EventHandler,
|
2018-03-01 20:31:51 +00:00
|
|
|
public pal::ConnectionEventMonitor::EventHandler {
|
2018-01-29 17:57:00 +00:00
|
|
|
public:
|
2018-02-23 11:12:49 +00:00
|
|
|
typedef ble::pal::SecurityDistributionFlags_t SecurityDistributionFlags_t;
|
2018-02-19 14:43:56 +00:00
|
|
|
typedef ble::pal::SecurityEntryKeys_t SecurityEntryKeys_t;
|
|
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
/* implements SecurityManager */
|
|
|
|
|
|
2018-01-29 17:57:00 +00:00
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// SM lifecycle management
|
|
|
|
|
//
|
2018-02-08 16:03:52 +00:00
|
|
|
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual ble_error_t init(
|
|
|
|
|
bool bondable = true,
|
|
|
|
|
bool mitm = true,
|
|
|
|
|
SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
|
|
|
|
|
const Passkey_t passkey = NULL,
|
|
|
|
|
bool signing = true
|
|
|
|
|
);
|
|
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t reset();
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t preserveBondingStateOnReset(
|
|
|
|
|
bool enabled
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// List management
|
|
|
|
|
//
|
|
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t purgeAllBondingState();
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t generateWhitelistFromBondTable(
|
|
|
|
|
Gap::Whitelist_t *whitelist
|
|
|
|
|
) const;
|
2018-01-30 22:49:35 +00:00
|
|
|
|
2018-01-29 17:57:00 +00:00
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Pairing
|
|
|
|
|
//
|
|
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t requestPairing(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t acceptPairingRequest(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-23 11:12:49 +00:00
|
|
|
virtual ble_error_t cancelPairingRequest(
|
2018-02-08 16:03:52 +00:00
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t setPairingRequestAuthorisation(
|
|
|
|
|
bool required = true
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Feature support
|
|
|
|
|
//
|
|
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t allowLegacyPairing(
|
|
|
|
|
bool allow = true
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t getSecureConnectionsSupport(
|
|
|
|
|
bool *enabled
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Security settings
|
|
|
|
|
//
|
|
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t setIoCapability(
|
|
|
|
|
SecurityIOCapabilities_t iocaps
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t setDisplayPasskey(
|
|
|
|
|
const Passkey_t passkey
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
virtual ble_error_t setAuthenticationTimeout(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
uint32_t timeout_in_ms
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
virtual ble_error_t getAuthenticationTimeout(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
uint32_t *timeout_in_ms
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
virtual ble_error_t setLinkSecurity(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
SecurityMode_t securityMode
|
|
|
|
|
);
|
|
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t setKeypressNotification(
|
|
|
|
|
bool enabled = true
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
virtual ble_error_t enableSigning(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
bool enabled = true
|
|
|
|
|
);
|
|
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t setHintFutureRoleReversal(
|
|
|
|
|
bool enable = true
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Encryption
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
virtual ble_error_t getLinkEncryption(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
link_encryption_t *encryption
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
virtual ble_error_t setLinkEncryption(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
link_encryption_t encryption
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
virtual ble_error_t getEncryptionKeySize(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
uint8_t *size
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
virtual ble_error_t setEncryptionKeyRequirements(
|
|
|
|
|
uint8_t minimumByteSize,
|
|
|
|
|
uint8_t maximumByteSize
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Privacy
|
|
|
|
|
//
|
|
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t setPrivateAddressTimeout(
|
|
|
|
|
uint16_t timeout_in_seconds
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Keys
|
|
|
|
|
//
|
|
|
|
|
|
2018-01-29 21:10:08 +00:00
|
|
|
virtual ble_error_t getSigningKey(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
bool authenticated
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Authentication
|
|
|
|
|
//
|
|
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
virtual ble_error_t requestAuthentication(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// MITM
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
virtual ble_error_t setOOBDataUsage(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
bool useOOB,
|
|
|
|
|
bool OOBProvidesMITM = true
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
virtual ble_error_t confirmationEntered(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
bool confirmation
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
virtual ble_error_t passkeyEntered(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
Passkey_t passkey
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
virtual ble_error_t sendKeypressNotification(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
Keypress_t keypress
|
|
|
|
|
);
|
2018-01-29 23:16:47 +00:00
|
|
|
|
2018-02-06 22:59:21 +00:00
|
|
|
virtual ble_error_t legacyPairingOobReceived(
|
2018-02-07 10:16:44 +00:00
|
|
|
const address_t *address,
|
2018-02-06 22:59:21 +00:00
|
|
|
const oob_tk_t *tk
|
2018-02-06 10:17:31 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-06 22:59:21 +00:00
|
|
|
virtual ble_error_t oobReceived(
|
2018-02-07 10:16:44 +00:00
|
|
|
const address_t *address,
|
2018-02-27 11:43:50 +00:00
|
|
|
const oob_lesc_value_t *random,
|
2018-02-06 22:59:21 +00:00
|
|
|
const oob_confirm_t *confirm
|
|
|
|
|
);
|
2018-02-06 10:17:31 +00:00
|
|
|
|
2018-02-08 16:03:52 +00:00
|
|
|
/* ends implements SecurityManager */
|
|
|
|
|
|
2018-02-13 11:01:30 +00:00
|
|
|
public:
|
2018-02-12 10:27:27 +00:00
|
|
|
GenericSecurityManager(
|
2018-02-19 15:35:39 +00:00
|
|
|
pal::SecurityManager &palImpl,
|
|
|
|
|
pal::SecurityDb &dbImpl,
|
2018-02-19 17:46:41 +00:00
|
|
|
pal::ConnectionEventMonitor &connMonitorImpl
|
2018-02-12 10:27:27 +00:00
|
|
|
) : _pal(palImpl),
|
|
|
|
|
_db(dbImpl),
|
2018-02-19 17:46:41 +00:00
|
|
|
_connection_monitor(connMonitorImpl),
|
2018-02-12 10:27:27 +00:00
|
|
|
_default_authentication(0),
|
2018-03-01 20:31:51 +00:00
|
|
|
_default_key_distribution(pal::KeyDistribution::KEY_DISTRIBUTION_ALL),
|
2018-02-12 10:27:27 +00:00
|
|
|
_pairing_authorisation_required(false),
|
|
|
|
|
_legacy_pairing_allowed(true),
|
|
|
|
|
_master_sends_keys(false),
|
|
|
|
|
_public_keys_generated(false) {
|
2018-01-29 17:57:00 +00:00
|
|
|
_pal.set_event_handler(this);
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-29 23:16:47 +00:00
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Helper functions
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
private:
|
2018-01-31 20:16:56 +00:00
|
|
|
/**
|
|
|
|
|
* Generate the CSRK if needed.
|
|
|
|
|
*
|
|
|
|
|
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
|
|
|
|
|
*/
|
2018-01-29 23:16:47 +00:00
|
|
|
ble_error_t init_signing();
|
|
|
|
|
|
2018-02-09 13:55:33 +00:00
|
|
|
/**
|
|
|
|
|
* Fills the buffer with the specified number of bytes of random data
|
|
|
|
|
* produced by the link controller
|
|
|
|
|
*
|
2018-02-09 16:39:01 +00:00
|
|
|
* @param[out] buffer buffer to be filled with random data
|
|
|
|
|
* @param[in] size number of bytes to fill with random data
|
2018-02-09 13:55:33 +00:00
|
|
|
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
|
|
|
|
|
*/
|
2018-02-12 10:27:27 +00:00
|
|
|
ble_error_t get_random_data(
|
|
|
|
|
uint8_t *buffer,
|
|
|
|
|
size_t size
|
|
|
|
|
);
|
2018-02-09 13:55:33 +00:00
|
|
|
|
2018-01-31 20:16:56 +00:00
|
|
|
/**
|
|
|
|
|
* Send slave security request based on current link settings.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] connectionHandle Handle to identify the connection.
|
|
|
|
|
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
|
|
|
|
|
*/
|
2018-02-12 10:27:27 +00:00
|
|
|
ble_error_t slave_security_request(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 23:16:47 +00:00
|
|
|
|
2018-01-31 20:16:56 +00:00
|
|
|
/**
|
|
|
|
|
* Enable encryption on the link, depending on whether device is master or slave.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] connectionHandle Handle to identify the connection.
|
|
|
|
|
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
|
|
|
|
|
*/
|
2018-02-12 10:27:27 +00:00
|
|
|
ble_error_t enable_encryption(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 23:16:47 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns the requested LTK to the PAL. Called by the security db.
|
|
|
|
|
*
|
2018-01-31 20:16:56 +00:00
|
|
|
* @param[in] entry security entry returned by the database.
|
|
|
|
|
* @param[in] entryKeys security entry containing keys.
|
2018-01-29 23:16:47 +00:00
|
|
|
*/
|
2018-01-31 20:16:56 +00:00
|
|
|
void enable_encryption_cb(
|
2018-02-23 11:12:49 +00:00
|
|
|
pal::SecurityDb::entry_handle_t entry,
|
2018-01-31 20:16:56 +00:00
|
|
|
const SecurityEntryKeys_t* entryKeys
|
2018-01-29 23:16:47 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns the requested LTK to the PAL. Called by the security db.
|
|
|
|
|
*
|
2018-01-31 20:16:56 +00:00
|
|
|
* @param[in] entry security entry returned by the database.
|
|
|
|
|
* @param[in] entryKeys security entry containing keys.
|
2018-01-29 23:16:47 +00:00
|
|
|
*/
|
2018-01-31 20:16:56 +00:00
|
|
|
void set_ltk_cb(
|
2018-02-23 11:12:49 +00:00
|
|
|
pal::SecurityDb::entry_handle_t entry,
|
2018-01-31 20:16:56 +00:00
|
|
|
const SecurityEntryKeys_t* entryKeys
|
2018-01-29 23:16:47 +00:00
|
|
|
);
|
|
|
|
|
|
2018-01-31 20:16:56 +00:00
|
|
|
/**
|
|
|
|
|
* Returns the CSRK for the connection. Called by the security db.
|
|
|
|
|
*
|
2018-02-08 18:23:23 +00:00
|
|
|
* @param[in] connectionHandle Handle to identify the connection.
|
2018-01-31 20:16:56 +00:00
|
|
|
* @param[in] entryKeys security entry containing keys.
|
|
|
|
|
*/
|
2018-01-29 23:16:47 +00:00
|
|
|
void return_csrk_cb(
|
2018-02-23 11:12:49 +00:00
|
|
|
pal::SecurityDb::entry_handle_t connection,
|
2018-01-29 23:16:47 +00:00
|
|
|
const csrk_t *csrk
|
|
|
|
|
);
|
|
|
|
|
|
2018-02-09 13:29:37 +00:00
|
|
|
#if defined(MBEDTLS_CMAC_C)
|
2018-02-08 18:23:23 +00:00
|
|
|
/**
|
|
|
|
|
* Generate local OOB data to be sent to the application which sends it to the peer.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] connectionHandle Handle to identify the connection.
|
|
|
|
|
*/
|
|
|
|
|
void generate_secure_connections_oob(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-02-09 13:29:37 +00:00
|
|
|
#endif
|
2018-02-08 18:23:23 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Updates the entry for the connection with OOB data presence.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] connectionHandle Handle to identify the connection.
|
|
|
|
|
*/
|
|
|
|
|
void update_oob_presence(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-02-09 12:54:08 +00:00
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_CMAC_C)
|
2018-02-08 21:48:43 +00:00
|
|
|
/**
|
|
|
|
|
* Calculate the confirmation value for secure connections OOB data based
|
|
|
|
|
* on local public key and a random number.
|
|
|
|
|
* @see BLUETOOTH SPECIFICATION Version 5.0 | Vol 3, Part H - 2.2.6
|
|
|
|
|
|
|
|
|
|
* @param[in] U public key x component
|
|
|
|
|
* @param[in] V public key y component
|
|
|
|
|
* @param[in] X random number
|
|
|
|
|
* @param[out] confirm confirmation value
|
2018-02-09 12:54:08 +00:00
|
|
|
* @return true if cryptography functioned worked
|
2018-02-08 21:48:43 +00:00
|
|
|
*/
|
2018-02-09 12:54:08 +00:00
|
|
|
static bool crypto_toolbox_f4(
|
2018-02-12 10:27:27 +00:00
|
|
|
const public_key_t &U,
|
|
|
|
|
const public_key_t &V,
|
2018-02-27 11:43:50 +00:00
|
|
|
const oob_lesc_value_t &X,
|
2018-02-12 10:27:27 +00:00
|
|
|
oob_confirm_t &confirm
|
2018-02-08 21:48:43 +00:00
|
|
|
);
|
2018-02-09 12:54:08 +00:00
|
|
|
#endif
|
2018-02-08 18:23:23 +00:00
|
|
|
|
2018-02-11 18:08:21 +00:00
|
|
|
/**
|
|
|
|
|
* Set the MITM protection setting on the database entry
|
|
|
|
|
*
|
|
|
|
|
* @param[in] connectionHandle Handle to identify the connection.
|
|
|
|
|
* @param[in] enable if true set the MITM protection to on.
|
|
|
|
|
*/
|
2018-02-12 10:27:27 +00:00
|
|
|
virtual void set_mitm_performed(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
bool enable = true
|
|
|
|
|
);
|
2018-02-11 18:08:21 +00:00
|
|
|
|
2018-02-09 16:35:16 +00:00
|
|
|
/**
|
|
|
|
|
* Inform the Security manager of a new connection. This will create
|
|
|
|
|
* or retrieve an existing security manager entry for the connected device.
|
|
|
|
|
* Called by GAP.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] connectionHandle Handle to identify the connection.
|
|
|
|
|
* @param[in] is_master True if device is the master.
|
2018-02-09 16:39:01 +00:00
|
|
|
* @param[in] peer_address_type type of address.
|
2018-02-09 16:35:16 +00:00
|
|
|
* @param[in] peer_address Address of the connected device.
|
|
|
|
|
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
|
|
|
|
|
*/
|
2018-02-19 16:28:01 +00:00
|
|
|
virtual void on_connected(
|
2018-02-09 16:35:16 +00:00
|
|
|
connection_handle_t connection,
|
2018-02-19 15:32:07 +00:00
|
|
|
Gap::Role_t role,
|
2018-02-09 16:35:16 +00:00
|
|
|
BLEProtocol::AddressType_t peer_address_type,
|
2018-02-19 15:32:07 +00:00
|
|
|
const BLEProtocol::AddressBytes_t peer_address,
|
|
|
|
|
BLEProtocol::AddressType_t local_address_type,
|
|
|
|
|
const BLEProtocol::AddressBytes_t local_address,
|
|
|
|
|
const Gap::ConnectionParams_t *connection_params
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Inform the security manager that a device has been disconnected and its
|
|
|
|
|
* entry can be put in NVM storage. Called by GAP.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] connectionHandle Handle to identify the connection.
|
|
|
|
|
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
|
|
|
|
|
*/
|
2018-02-19 16:28:01 +00:00
|
|
|
virtual void on_disconnected(
|
2018-02-19 15:32:07 +00:00
|
|
|
connection_handle_t connection,
|
|
|
|
|
Gap::DisconnectionReason_t reason
|
2018-02-09 16:35:16 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-09 16:39:01 +00:00
|
|
|
/**
|
|
|
|
|
* Inform the security manager of a new connection.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] params information about the new connection.
|
|
|
|
|
*/
|
2018-02-09 16:35:16 +00:00
|
|
|
void connection_callback(
|
|
|
|
|
const Gap::ConnectionCallbackParams_t* params
|
|
|
|
|
);
|
|
|
|
|
|
2018-02-09 16:39:01 +00:00
|
|
|
/**
|
2018-02-11 18:19:56 +00:00
|
|
|
* Inform the security manager that a connection ended.
|
2018-02-09 16:39:01 +00:00
|
|
|
*
|
|
|
|
|
* @param[in] params handle and reason of the disconnection.
|
|
|
|
|
*/
|
2018-02-09 16:35:16 +00:00
|
|
|
void disconnection_callback(
|
|
|
|
|
const Gap::DisconnectionCallbackParams_t* params
|
|
|
|
|
);
|
|
|
|
|
|
2018-01-29 17:57:00 +00:00
|
|
|
private:
|
2018-02-23 11:12:49 +00:00
|
|
|
struct ControlBlock_t : public pal::SecurityDistributionFlags_t {
|
|
|
|
|
ControlBlock_t();
|
|
|
|
|
|
2018-03-01 20:31:51 +00:00
|
|
|
pal::KeyDistribution get_initiator_key_distribution() {
|
|
|
|
|
return pal::KeyDistribution(initiator_key_distribution);
|
2018-02-27 23:26:34 +00:00
|
|
|
};
|
2018-03-01 20:31:51 +00:00
|
|
|
pal::KeyDistribution get_responder_key_distribution() {
|
|
|
|
|
return pal::KeyDistribution(responder_key_distribution);
|
2018-02-27 23:26:34 +00:00
|
|
|
};
|
2018-03-01 20:31:51 +00:00
|
|
|
void set_initiator_key_distribution(pal::KeyDistribution mask) {
|
2018-02-27 23:26:34 +00:00
|
|
|
initiator_key_distribution = mask.value();
|
|
|
|
|
};
|
2018-03-01 20:31:51 +00:00
|
|
|
void set_responder_key_distribution(pal::KeyDistribution mask) {
|
2018-02-27 23:26:34 +00:00
|
|
|
responder_key_distribution = mask.value();
|
|
|
|
|
};
|
|
|
|
|
|
2018-02-23 11:12:49 +00:00
|
|
|
connection_handle_t connection;
|
|
|
|
|
pal::SecurityDb::entry_handle_t db_entry;
|
|
|
|
|
|
|
|
|
|
address_t local_address; /**< address used for connection, possibly different from identity */
|
|
|
|
|
|
2018-02-27 23:26:34 +00:00
|
|
|
private:
|
|
|
|
|
uint8_t initiator_key_distribution:4;
|
|
|
|
|
uint8_t responder_key_distribution:4;
|
|
|
|
|
public:
|
2018-02-23 11:12:49 +00:00
|
|
|
uint8_t connected:1;
|
|
|
|
|
uint8_t authenticated:1; /**< have we turned encryption on during this connection */
|
|
|
|
|
uint8_t is_master:1;
|
|
|
|
|
|
|
|
|
|
uint8_t encryption_requested:1;
|
|
|
|
|
uint8_t encryption_failed:1;
|
|
|
|
|
uint8_t encrypted:1;
|
|
|
|
|
uint8_t signing_requested:1;
|
2018-02-27 23:26:34 +00:00
|
|
|
uint8_t signing_override_default:1;
|
2018-02-23 11:12:49 +00:00
|
|
|
|
|
|
|
|
uint8_t mitm_requested:1;
|
|
|
|
|
uint8_t mitm_performed:1; /**< keys exchange will have MITM protection */
|
|
|
|
|
|
|
|
|
|
uint8_t attempt_oob:1;
|
|
|
|
|
uint8_t oob_mitm_protection:1;
|
|
|
|
|
uint8_t oob_present:1;
|
|
|
|
|
};
|
|
|
|
|
|
2018-02-19 15:35:39 +00:00
|
|
|
pal::SecurityManager &_pal;
|
|
|
|
|
pal::SecurityDb &_db;
|
2018-02-19 17:46:41 +00:00
|
|
|
pal::ConnectionEventMonitor &_connection_monitor;
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-03-01 20:31:51 +00:00
|
|
|
pal::AuthenticationMask _default_authentication;
|
|
|
|
|
pal::KeyDistribution _default_key_distribution;
|
2018-02-08 16:03:52 +00:00
|
|
|
|
2018-01-29 17:57:00 +00:00
|
|
|
bool _pairing_authorisation_required;
|
|
|
|
|
bool _legacy_pairing_allowed;
|
|
|
|
|
bool _master_sends_keys;
|
2018-02-08 16:03:52 +00:00
|
|
|
bool _public_keys_generated;
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-23 13:26:13 +00:00
|
|
|
/** There is always only one OOB data set stored at a time */
|
2018-02-23 11:12:49 +00:00
|
|
|
address_t _peer_sc_oob_address;
|
2018-02-27 11:43:50 +00:00
|
|
|
oob_lesc_value_t _peer_sc_oob_random;
|
2018-02-23 11:12:49 +00:00
|
|
|
oob_confirm_t _peer_sc_oob_confirm;
|
2018-02-27 11:43:50 +00:00
|
|
|
oob_lesc_value_t _local_sc_oob_random;
|
2018-02-23 11:12:49 +00:00
|
|
|
|
|
|
|
|
static const size_t MAX_CONTROL_BLOCKS = 5;
|
|
|
|
|
ControlBlock_t _control_blocks[MAX_CONTROL_BLOCKS];
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/* implements ble::pal::SecurityManager::EventHandler */
|
2018-01-29 17:57:00 +00:00
|
|
|
public:
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Pairing
|
|
|
|
|
//
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_pairing_request
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_pairing_request(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
bool use_oob,
|
2018-03-01 20:31:51 +00:00
|
|
|
pal::AuthenticationMask authentication,
|
|
|
|
|
pal::KeyDistribution initiator_dist,
|
|
|
|
|
pal::KeyDistribution responder_dist
|
2018-01-29 17:57:00 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_pairing_error
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_pairing_error(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
pairing_failure_t error
|
|
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_pairing_timed_out
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-02-12 10:27:27 +00:00
|
|
|
virtual void on_pairing_timed_out(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_pairing_completed
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-02-12 10:27:27 +00:00
|
|
|
virtual void on_pairing_completed(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Security
|
|
|
|
|
//
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_valid_mic_timeout
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-02-12 10:27:27 +00:00
|
|
|
virtual void on_valid_mic_timeout(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_slave_security_request
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_slave_security_request(
|
|
|
|
|
connection_handle_t connection,
|
2018-03-01 20:31:51 +00:00
|
|
|
pal::AuthenticationMask authentication
|
2018-01-29 17:57:00 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Encryption
|
|
|
|
|
//
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_link_encryption_result
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_link_encryption_result(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
link_encryption_t result
|
|
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_link_encryption_request_timed_out
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_link_encryption_request_timed_out(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// MITM
|
|
|
|
|
//
|
2018-01-31 20:16:56 +00:00
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_passkey_display
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_passkey_display(
|
|
|
|
|
connection_handle_t connection,
|
2018-01-29 22:00:53 +00:00
|
|
|
passkey_num_t passkey
|
2018-01-29 17:57:00 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_keypress_notification
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_keypress_notification(
|
|
|
|
|
connection_handle_t connection,
|
|
|
|
|
SecurityManager::Keypress_t keypress
|
|
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_passkey_request
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-02-12 10:27:27 +00:00
|
|
|
virtual void on_passkey_request(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_confirmation_request
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-02-12 10:27:27 +00:00
|
|
|
virtual void on_confirmation_request(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_legacy_pairing_oob_request
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-02-12 10:27:27 +00:00
|
|
|
virtual void on_legacy_pairing_oob_request(
|
|
|
|
|
connection_handle_t connection
|
|
|
|
|
);
|
2018-01-29 17:57:00 +00:00
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_oob_data_verification_request
|
2018-02-08 15:17:12 +00:00
|
|
|
*/
|
|
|
|
|
virtual void on_oob_data_verification_request(
|
|
|
|
|
connection_handle_t connection,
|
2018-02-27 11:50:04 +00:00
|
|
|
const public_key_coord_t &peer_public_key_x,
|
|
|
|
|
const public_key_coord_t &peer_public_key_y
|
2018-02-08 15:17:12 +00:00
|
|
|
);
|
|
|
|
|
|
2018-01-29 17:57:00 +00:00
|
|
|
////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
// Keys
|
|
|
|
|
//
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_public_key_generated
|
2018-02-08 16:03:52 +00:00
|
|
|
*/
|
|
|
|
|
virtual void on_public_key_generated(
|
2018-02-27 11:50:04 +00:00
|
|
|
const public_key_coord_t &public_key_x,
|
|
|
|
|
const public_key_coord_t &public_key_y
|
2018-02-08 16:03:52 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_secure_connections_ltk_generated
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-02-06 21:50:57 +00:00
|
|
|
virtual void on_secure_connections_ltk_generated(
|
|
|
|
|
connection_handle_t connection,
|
2018-02-11 18:08:21 +00:00
|
|
|
const ltk_t <k
|
2018-01-29 17:57:00 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_keys_distributed_ltk
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_keys_distributed_ltk(
|
|
|
|
|
connection_handle_t connection,
|
2018-02-11 18:08:21 +00:00
|
|
|
const ltk_t <k
|
2018-01-29 17:57:00 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_keys_distributed_ediv_rand
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_keys_distributed_ediv_rand(
|
|
|
|
|
connection_handle_t connection,
|
2018-02-11 18:08:21 +00:00
|
|
|
const ediv_t &ediv,
|
|
|
|
|
const rand_t &rand
|
2018-01-29 17:57:00 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_keys_distributed_local_ltk
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_keys_distributed_local_ltk(
|
|
|
|
|
connection_handle_t connection,
|
2018-02-11 18:08:21 +00:00
|
|
|
const ltk_t <k
|
2018-01-29 17:57:00 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_keys_distributed_local_ediv_rand
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_keys_distributed_local_ediv_rand(
|
|
|
|
|
connection_handle_t connection,
|
2018-02-11 18:08:21 +00:00
|
|
|
const ediv_t &ediv,
|
|
|
|
|
const rand_t &rand
|
2018-01-29 17:57:00 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_keys_distributed_irk
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_keys_distributed_irk(
|
|
|
|
|
connection_handle_t connection,
|
2018-02-11 18:08:21 +00:00
|
|
|
const irk_t &irk
|
2018-01-29 17:57:00 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_keys_distributed_bdaddr
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_keys_distributed_bdaddr(
|
|
|
|
|
connection_handle_t connection,
|
2018-03-01 20:31:51 +00:00
|
|
|
pal::advertising_peer_address_type_t peer_address_type,
|
2018-01-29 17:57:00 +00:00
|
|
|
const address_t &peer_identity_address
|
|
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_keys_distributed_csrk
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_keys_distributed_csrk(
|
|
|
|
|
connection_handle_t connection,
|
2018-02-11 18:08:21 +00:00
|
|
|
const csrk_t &csrk
|
2018-01-29 17:57:00 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_ltk_requeston_ltk_request
|
2018-02-06 22:01:54 +00:00
|
|
|
*/
|
2018-01-29 17:57:00 +00:00
|
|
|
virtual void on_ltk_request(
|
|
|
|
|
connection_handle_t connection,
|
2018-02-11 18:08:21 +00:00
|
|
|
const ediv_t &ediv,
|
|
|
|
|
const rand_t &rand
|
|
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/** @copydoc ble::pal::SecurityManager::on_ltk_requeston_ltk_request
|
2018-02-11 18:08:21 +00:00
|
|
|
*/
|
|
|
|
|
virtual void on_ltk_request(
|
|
|
|
|
connection_handle_t connection
|
2018-01-29 17:57:00 +00:00
|
|
|
);
|
|
|
|
|
|
2018-02-27 17:22:13 +00:00
|
|
|
/* end implements ble::pal::SecurityManager::EventHandler */
|
2018-02-23 11:12:49 +00:00
|
|
|
|
|
|
|
|
/* list management */
|
|
|
|
|
|
|
|
|
|
ControlBlock_t* acquire_control_block(connection_handle_t connection);
|
|
|
|
|
|
|
|
|
|
ControlBlock_t* get_control_block(connection_handle_t connection);
|
|
|
|
|
|
|
|
|
|
ControlBlock_t* get_control_block(const address_t &peer_address);
|
|
|
|
|
|
|
|
|
|
ControlBlock_t* get_control_block(pal::SecurityDb::entry_handle_t db_entry);
|
|
|
|
|
|
|
|
|
|
void release_control_block(ControlBlock_t* entry);
|
2018-01-29 17:57:00 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
} /* namespace generic */
|
|
|
|
|
} /* namespace ble */
|
|
|
|
|
|
|
|
|
|
|
2018-02-27 17:25:57 +00:00
|
|
|
#endif /*_GENERIC_SECURITY_MANAGER_H_*/
|
