BLE: Remove Nordic Pal SM draft.

2018-03-01 15:39:51 +00:00 · 2018-03-01 15:39:51 +00:00 · 03f79eec39
parent e8f29f7327
commit 03f79eec39
2 changed files with 0 additions and 947 deletions
--- a/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.cpp
+++ b/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.cpp
@ -1,614 +0,0 @@
-/* mbed Microcontroller Library
- * Copyright (c) 2018-2018 ARM Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "nRF5xPalSecurityManager.h"
-#include "nrf_ble.h"
-#include "nrf_ble_gap.h"
-
-namespace ble {
-namespace pal {
-namespace vendor {
-namespace nordic {
-
-namespace {
-static ble_error_t convert_sd_error(uint32_t err) {
-    // TODO: implementation
-    return err ? BLE_ERROR_UNSPECIFIED : BLE_ERROR_NONE;
-}
-}
-
-
-nRF5xSecurityManager::nRF5xSecurityManager()
-    : ::ble::pal::SecurityManager(),
-    _io_capability(io_capability_t::NO_INPUT_NO_OUTPUT),
-    _max_encryption_key_size(16)
-{
-
-}
-
-nRF5xSecurityManager::~nRF5xSecurityManager()
-{
-
-}
-
-////////////////////////////////////////////////////////////////////////////
-// SM lifecycle management
-//
-
-ble_error_t nRF5xSecurityManager::initialize()
-{
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::terminate()
-{
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::reset()
-{
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-////////////////////////////////////////////////////////////////////////////
-// Resolving list management
-//
-
-// FIXME: on nordic, the irk is passed in sd_ble_gap_scan_start where whitelist
-// and resolving list are all mixed up.
-
-uint8_t nRF5xSecurityManager::read_resolving_list_capacity()
-{
-    // FIXME: implement
-    return 0;
-}
-
-ble_error_t nRF5xSecurityManager::add_device_to_resolving_list(
-    advertising_peer_address_type_t peer_identity_address_type,
-    const address_t &peer_identity_address,
-    const irk_t &peer_irk
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::remove_device_from_resolving_list(
-    advertising_peer_address_type_t peer_identity_address_type,
-    const address_t &peer_identity_address
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::clear_resolving_list()
-{
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-////////////////////////////////////////////////////////////////////////////
-// Feature support
-//
-
-ble_error_t nRF5xSecurityManager::get_secure_connections_support(
-    bool &enabled
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::set_io_capability(
-    io_capability_t io_capability
-) {
-    _io_capability = io_capability;
-    return BLE_ERROR_NONE;
-}
-
-
-////////////////////////////////////////////////////////////////////////////
-// Security settings
-//
-
-ble_error_t nRF5xSecurityManager::set_authentication_timeout(
-    connection_handle_t connection, uint16_t timeout_in_10ms
-) {
-    // NOTE: Nothing in the Nordic API to manipulate the authentication timeout
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::get_authentication_timeout(
-    connection_handle_t connection, uint16_t &timeout_in_10ms
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::set_encryption_key_requirements(
-    uint8_t min_encryption_key_size,
-    uint8_t max_encryption_key_size
-) {
-    _max_encryption_key_size = max_encryption_key_size;
-    return BLE_ERROR_NONE;
-}
-
-ble_error_t nRF5xSecurityManager::slave_security_request(
-    connection_handle_t connection,
-    AuthenticationMask authentication
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-////////////////////////////////////////////////////////////////////////////
-// Encryption
-//
-
-ble_error_t nRF5xSecurityManager::enable_encryption(
-    connection_handle_t connection,
-    const ltk_t &ltk
-) {
-    // use sd_ble_gap_encrypt it requires:
-    //  - ediv
-    //  - rand
-    //  - ltk
-    //  - flag indicating if the key was generated with lesc
-    //  - flag indicated if the key is an authenticated key
-    //  - flag indicating the length of the ltk ???
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::disable_encryption(connection_handle_t connection)
-{
-    // NO FUNCTION to disable encryption
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::get_encryption_status(
-    connection_handle_t connection, LinkSecurityStatus_t &status
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::get_encryption_key_size(
-    connection_handle_t connection, uint8_t &bitsize
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::enable_encryption(
-    connection_handle_t connection,
-    const ltk_t &ltk,
-    const rand_t &rand,
-    const ediv_t &ediv
-) {
-    // NO FUNCTION to disable encryption
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::encrypt_data(
-    const key_t &key,
-    encryption_block_t &data
-) {
-    // NO FUNCTION to disable encryption
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-////////////////////////////////////////////////////////////////////////////
-// Privacy
-//
-
-ble_error_t nRF5xSecurityManager::set_private_address_timeout(
-    uint16_t timeout_in_seconds
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-////////////////////////////////////////////////////////////////////////////
-// Keys
-//
-
-ble_error_t nRF5xSecurityManager::set_ltk_not_found(
-    connection_handle_t connection
-) {
-    // usefulness ?
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::set_ltk(
-    connection_handle_t connection, const ltk_t &ltk
-) {
-    // usefulness ?
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::set_irk(const irk_t& irk)
-{
-    memcpy(_irk.buffer(), irk.data(), _csrk.size());
-    return BLE_ERROR_NONE;
-}
-
-ble_error_t nRF5xSecurityManager::set_csrk(const csrk_t& csrk)
-{
-    memcpy(_csrk.buffer(), csrk.data(), _csrk.size());
-    return BLE_ERROR_NONE;
-}
-
-////////////////////////////////////////////////////////////////////////////
-// Authentication
-//
-
-ble_error_t nRF5xSecurityManager::send_pairing_request(
-    connection_handle_t connection,
-    bool oob_data_flag,
-    AuthenticationMask authentication_requirements,
-    KeyDistribution initiator_dist,
-    KeyDistribution responder_dist
-) {
-    ble_gap_sec_params_t security_params = {
-        /* bond */ authentication_requirements.get_bondable(),
-        /* mitm */ authentication_requirements.get_mitm(),
-        /* lesc */ authentication_requirements.get_secure_connections(),
-        /* keypress */ authentication_requirements.get_keypress_notification(),
-        /* io_caps */ _io_capability.value(),
-        /* oob */ oob_data_flag,
-        /* min_key_size */ 7, // FIXME!
-        /* max_key_size */ _max_encryption_key_size,
-        /* kdist_periph */ {
-            /* enc */ responder_dist.get_encryption(),
-            /* id */ responder_dist.get_identity(),
-            /* sign */ responder_dist.get_signing(),
-            /* link */ responder_dist.get_link()
-        },
-        /* kdist_central */ {
-            /* enc */ initiator_dist.get_encryption(),
-            /* id */ initiator_dist.get_identity(),
-            /* sign */ initiator_dist.get_signing(),
-            /* link */ initiator_dist.get_link()
-        }
-    };
-
-    uint32_t err = sd_ble_gap_authenticate(
-        connection,
-        &security_params
-    );
-
-    return convert_sd_error(err);
-}
-
-ble_error_t nRF5xSecurityManager::send_pairing_response(
-    connection_handle_t connection,
-    bool oob_data_flag,
-    AuthenticationMask authentication_requirements,
-    KeyDistribution initiator_dist,
-    KeyDistribution responder_dist
-) {
-    ble_gap_sec_params_t security_params = {
-        /* bond */ authentication_requirements.get_bondable(),
-        /* mitm */ authentication_requirements.get_mitm(),
-        /* lesc */ authentication_requirements.get_secure_connections(),
-        /* keypress */ authentication_requirements.get_keypress_notification(),
-        /* io_caps */ _io_capability.value(),
-        /* oob */ oob_data_flag,
-        /* min_key_size */ 7, // FIXME!
-        /* max_key_size */ _max_encryption_key_size,
-        /* kdist_periph */ {
-            /* enc */ responder_dist.get_encryption(),
-            /* id */ responder_dist.get_identity(),
-            /* sign */ responder_dist.get_signing(),
-            /* link */ responder_dist.get_link()
-        },
-        /* kdist_central */ {
-            /* enc */ initiator_dist.get_encryption(),
-            /* id */ initiator_dist.get_identity(),
-            /* sign */ initiator_dist.get_signing(),
-            /* link */ initiator_dist.get_link()
-        }
-    };
-
-    ble_gap_sec_keyset_t keyset = {
-        /* keys_own */ {
-            /* encryption key */ NULL,
-            /* id key */ NULL, /* FIXME: pass in the IRK mixed up with address ?!?*/
-            /* signing key */ NULL, /* FIXME: put _csrk in the type of data structure used by nordic */
-            /* P-256 Public Key */ NULL
-        },
-        /* keys_peer */ {
-            // FIXME: The softdevice requires the application to maintain this memory chunk ...
-        }
-    };
-
-    uint32_t err = sd_ble_gap_sec_params_reply(
-        connection,
-        /* status */ BLE_GAP_SEC_STATUS_SUCCESS,
-        /* params */ &security_params,
-        /* keys ... */ &keyset
-    );
-
-    return convert_sd_error(err);
-}
-
-ble_error_t nRF5xSecurityManager::cancel_pairing(
-    connection_handle_t connection, pairing_failure_t reason
-) {
-    // FIXME: there is no fixed function that can be used to cancel pairing all
-    // the time. However sd_ble_gap_sec_params_reply should be used to cancel a
-    // pairing after a pairing request.
-
-    // sd_ble_gap_auth_key_reply should be used to cancel pairing when a key
-    // entered by the user is required.
-
-    uint32_t err = sd_ble_gap_sec_params_reply(
-        connection,
-        /* status */ reason.value() | 0x80,
-        /* params */ NULL,
-        /* keys ... */ NULL
-    );
-
-    return convert_sd_error(err);
-}
-
-ble_error_t nRF5xSecurityManager::request_authentication(connection_handle_t connection)
-{
-    uint8_t authentication_requirements;
-    // FIXME: need authentication requirements from the caller
-    ble_gap_sec_params_t security_params = {
-        /* bond */ static_cast<uint8_t>((authentication_requirements >> 0) & 3),
-        /* mitm */static_cast<uint8_t>((authentication_requirements >> 2) & 1),
-        /* lesc */ static_cast<uint8_t>((authentication_requirements >> 3) & 1),
-        /* keypress */ static_cast<uint8_t>((authentication_requirements >> 4) & 1)
-        /* other parameters ignored ??? TODO: check*/
-    };
-
-    uint32_t err = sd_ble_gap_authenticate(
-        connection,
-        &security_params
-    );
-
-    return convert_sd_error(err);
-}
-
-ble_error_t nRF5xSecurityManager::get_random_data(byte_array_t<8> &random_data)
-{
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::generate_public_key()
-{
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-
-////////////////////////////////////////////////////////////////////////////
-// MITM
-//
-
-ble_error_t nRF5xSecurityManager::set_display_passkey(
-    passkey_num_t passkey
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::passkey_request_reply(
-    connection_handle_t connection, const passkey_num_t passkey
-) {
-    uint32_t err = sd_ble_gap_auth_key_reply(
-        connection,
-        BLE_GAP_AUTH_KEY_TYPE_PASSKEY,
-        /* FIXME: convert passkey_num into and asci key */ NULL
-    );
-
-    return convert_sd_error(err);
-}
-
-ble_error_t nRF5xSecurityManager::legacy_pairing_oob_data_request_reply(
-    connection_handle_t connection, const oob_tk_t& oob_data
-) {
-    uint32_t err = sd_ble_gap_auth_key_reply(
-        connection,
-        BLE_GAP_AUTH_KEY_TYPE_OOB,
-        oob_data.data()
-    );
-
-    return convert_sd_error(err);
-}
-
-ble_error_t nRF5xSecurityManager::confirmation_entered(
-    connection_handle_t connection, bool confirmation
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::send_keypress_notification(
-    connection_handle_t connection, Keypress_t keypress
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-ble_error_t nRF5xSecurityManager::oob_data_verified(
-    connection_handle_t connection,
-    const oob_lesc_value_t &local_random,
-    const oob_lesc_value_t &peer_random
-) {
-    return BLE_ERROR_NOT_IMPLEMENTED;
-}
-
-nRF5xSecurityManager& nRF5xSecurityManager::get_security_manager()
-{
-    static nRF5xSecurityManager _security_manager;
-    return _security_manager;
-}
-
-bool nRF5xSecurityManager::sm_handler(const ble_evt_t *evt)
-{
-    SecurityManagerEventHandler* handler =
-        get_security_manager().get_event_handler();
-
-    if ((evt == NULL) || (handler == NULL)) {
-        return false;
-    }
-
-    const ble_gap_evt_t& gap_evt = evt->evt.gap_evt;
-    uint16_t connection = gap_evt.conn_handle;
-
-    switch (evt->header.evt_id) {
-        case BLE_GAP_EVT_SEC_PARAMS_REQUEST: {
-            const ble_gap_sec_params_t& params =
-                gap_evt.params.sec_params_request.peer_params;
-
-            AuthenticationMask authentication_requirements(
-                params.bond,
-                params.mitm,
-                params.lesc,
-                params.keypress
-            );
-
-            KeyDistribution initiator_dist(
-                params.kdist_peer.enc,
-                params.kdist_peer.id,
-                params.kdist_peer.sign,
-                params.kdist_peer.link
-            );
-
-            KeyDistribution responder_dist(
-                params.kdist_own.enc,
-                params.kdist_own.id,
-                params.kdist_own.sign,
-                params.kdist_own.link
-            );
-
-            // FIXME: pass min key size
-            handler->on_pairing_request(
-                connection,
-                params.oob,
-                authentication_requirements,
-                initiator_dist,
-                responder_dist
-            );
-            return true;
-        }
-
-        case BLE_GAP_EVT_SEC_INFO_REQUEST: {
-            const ble_gap_evt_sec_info_request_t& req =
-                gap_evt.params.sec_info_request;
-
-            handler->on_ltk_request(
-                connection,
-                ediv_t((uint8_t*)(&req.master_id.ediv)),
-                rand_t(req.master_id.rand)
-            );
-
-            return true;
-        }
-
-        case BLE_GAP_EVT_PASSKEY_DISPLAY: {
-            const ble_gap_evt_passkey_display_t& req =
-                gap_evt.params.passkey_display;
-
-            if (req.match_request == 0) {
-                handler->on_passkey_display(
-                    connection,
-                    0 /* TODO: conversion of req.passkey into a numerical passkey */
-                );
-            } else {
-                // handle this case for secure pairing
-            }
-
-            return true;
-        }
-
-        case BLE_GAP_EVT_KEY_PRESSED:
-            // TODO: add with LESC support
-            return true;
-
-        case BLE_GAP_EVT_AUTH_KEY_REQUEST: {
-            uint8_t key_type = gap_evt.params.auth_key_request.key_type;
-
-            switch (key_type) {
-                case BLE_GAP_AUTH_KEY_TYPE_NONE:
-                    break;
-
-                case BLE_GAP_AUTH_KEY_TYPE_PASSKEY:
-                    handler->on_passkey_request(connection);
-                    break;
-
-                case BLE_GAP_AUTH_KEY_TYPE_OOB:
-                    handler->on_legacy_pairing_oob_request(connection);
-                    break;
-            }
-
-            return true;
-        }
-
-        case BLE_GAP_EVT_LESC_DHKEY_REQUEST:
-            // TODO: Add with LESC support
-            return true;
-
-        case BLE_GAP_EVT_AUTH_STATUS: {
-            const ble_gap_evt_auth_status_t& status =
-                gap_evt.params.auth_status;
-
-            switch (status.auth_status) {
-                case BLE_GAP_SEC_STATUS_SUCCESS:
-                    // FIXME: needs success handler
-                    break;
-                case BLE_GAP_SEC_STATUS_TIMEOUT:
-                    // FIXME: needs timeout handler
-                    break;
-
-                case BLE_GAP_SEC_STATUS_PASSKEY_ENTRY_FAILED:
-                case BLE_GAP_SEC_STATUS_OOB_NOT_AVAILABLE:
-                case BLE_GAP_SEC_STATUS_AUTH_REQ:
-                case BLE_GAP_SEC_STATUS_CONFIRM_VALUE:
-                case BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP:
-                case BLE_GAP_SEC_STATUS_ENC_KEY_SIZE:
-                case BLE_GAP_SEC_STATUS_SMP_CMD_UNSUPPORTED:
-                case BLE_GAP_SEC_STATUS_UNSPECIFIED:
-                case BLE_GAP_SEC_STATUS_REPEATED_ATTEMPTS:
-                case BLE_GAP_SEC_STATUS_INVALID_PARAMS:
-                case BLE_GAP_SEC_STATUS_DHKEY_FAILURE:
-                case BLE_GAP_SEC_STATUS_NUM_COMP_FAILURE:
-                case BLE_GAP_SEC_STATUS_BR_EDR_IN_PROG:
-                case BLE_GAP_SEC_STATUS_X_TRANS_KEY_DISALLOWED:
-                    handler->on_pairing_error(
-                        connection,
-                        (pairing_failure_t::type) (status.auth_status & 0xF)
-                    );
-                    break;
-
-                default:
-                    break;
-            }
-
-
-            return true;
-        }
-
-        case BLE_GAP_EVT_CONN_SEC_UPDATE:
-            // FIXME: Invoke handler indicating the link encryption
-            return true;
-
-        case BLE_GAP_EVT_TIMEOUT:
-            // FIXME: forward event when available
-            return true;
-
-        case BLE_GAP_EVT_SEC_REQUEST:
-            // FIXME: forward event when available
-            return true;
-
-        default:
-            return false;
-    }
-}
-
-} // nordic
-} // vendor
-} // pal
-} // ble
-
--- a/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.h
+++ b/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.h
@ -1,333 +0,0 @@
-/* mbed Microcontroller Library
- * Copyright (c) 2018-2018 ARM Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef NRF5X_PAL_SECURITY_MANAGER_
-#define NRF5X_PAL_SECURITY_MANAGER_
-
-#include "ble/pal/PalSecurityManager.h"
-#include "nrf_ble.h"
-
-namespace ble {
-namespace pal {
-namespace vendor {
-namespace nordic {
-
-class nRF5xSecurityManager : public ::ble::pal::SecurityManager {
-public:
-    nRF5xSecurityManager();
-
-    virtual ~nRF5xSecurityManager();
-
-    ////////////////////////////////////////////////////////////////////////////
-    // SM lifecycle management
-    //
-
-    /**
-     * @see ::ble::pal::SecurityManager::initialize
-     */
-    virtual ble_error_t initialize();
-
-    /**
-     * @see ::ble::pal::SecurityManager::terminate
-     */
-    virtual ble_error_t terminate();
-
-    /**
-     * @see ::ble::pal::SecurityManager::reset
-     */
-    virtual ble_error_t reset() ;
-
-    ////////////////////////////////////////////////////////////////////////////
-    // Resolving list management
-    //
-
-    /**
-     * @see ::ble::pal::SecurityManager::read_resolving_list_capacity
-     */
-    virtual uint8_t read_resolving_list_capacity();
-
-    /**
-     * @see ::ble::pal::SecurityManager::add_device_to_resolving_list
-     */
-    virtual ble_error_t add_device_to_resolving_list(
-        advertising_peer_address_type_t peer_identity_address_type,
-        const address_t &peer_identity_address,
-        const irk_t &peer_irk
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::remove_device_from_resolving_list
-     */
-    virtual ble_error_t remove_device_from_resolving_list(
-        advertising_peer_address_type_t peer_identity_address_type,
-        const address_t &peer_identity_address
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::clear_resolving_list
-     */
-    virtual ble_error_t clear_resolving_list();
-
-    ////////////////////////////////////////////////////////////////////////////
-    // Feature support
-    //
-
-    /**
-     * @see ::ble::pal::SecurityManager::get_secure_connections_support
-     */
-    virtual ble_error_t get_secure_connections_support(
-        bool &enabled
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_io_capability
-     */
-    virtual ble_error_t set_io_capability(
-        io_capability_t io_capability
-    );
-
-    ////////////////////////////////////////////////////////////////////////////
-    // Security settings
-    //
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_authentication_timeout
-     */
-    virtual ble_error_t set_authentication_timeout(
-        connection_handle_t, uint16_t timeout_in_10ms
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::get_authentication_timeout
-     */
-    virtual ble_error_t get_authentication_timeout(
-        connection_handle_t, uint16_t &timeout_in_10ms
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_encryption_key_requirements
-     */
-    virtual ble_error_t set_encryption_key_requirements(
-        uint8_t min_encryption_key_size,
-        uint8_t max_encryption_key_size
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::slave_security_request
-     */
-    virtual ble_error_t slave_security_request(
-        connection_handle_t connection,
-        AuthenticationMask authentication
-    );
-
-    ////////////////////////////////////////////////////////////////////////////
-    // Encryption
-    //
-
-    /**
-     * @see ::ble::pal::SecurityManager::enable_encryption
-     */
-    virtual ble_error_t enable_encryption(
-        connection_handle_t connection,
-        const ltk_t &ltk
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::disable_encryption
-     */
-    virtual ble_error_t disable_encryption(connection_handle_t connection);
-
-    /**
-     * @see ::ble::pal::SecurityManager::get_encryption_status
-     */
-    virtual ble_error_t get_encryption_status(
-        connection_handle_t connection, LinkSecurityStatus_t &status
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::get_encryption_key_size
-     */
-    virtual ble_error_t get_encryption_key_size(
-        connection_handle_t, uint8_t &bitsize
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::enable_encryption
-     */
-    virtual ble_error_t enable_encryption(
-        connection_handle_t connection,
-        const ltk_t &ltk,
-        const rand_t &rand,
-        const ediv_t &ediv
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::encrypt_data
-     */
-    virtual ble_error_t encrypt_data(
-        const byte_array_t<16> &key,
-        encryption_block_t &data
-    );
-
-    ////////////////////////////////////////////////////////////////////////////
-    // Privacy
-    //
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_private_address_timeout
-     */
-    virtual ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds);
-
-    ////////////////////////////////////////////////////////////////////////////
-    // Keys
-    //
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_ltk
-     */
-    virtual ble_error_t set_ltk(connection_handle_t connection, const ltk_t &ltk);
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_ltk
-     */
-    virtual ble_error_t set_ltk_not_found(connection_handle_t connection);
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_irk
-     */
-    virtual ble_error_t set_irk(const irk_t& irk);
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_csrk
-     */
-    virtual ble_error_t set_csrk(const csrk_t& csrk);
-
-    ////////////////////////////////////////////////////////////////////////////
-    // Authentication
-    //
-
-    /**
-     * @see ::ble::pal::SecurityManager::send_pairing_request
-     */
-    virtual ble_error_t send_pairing_request(
-        connection_handle_t connection,
-        bool oob_data_flag,
-        AuthenticationMask authentication_requirements,
-        KeyDistribution initiator_dist,
-        KeyDistribution responder_dist
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::send_pairing_response
-     */
-    virtual ble_error_t send_pairing_response(
-        connection_handle_t connection,
-        bool oob_data_flag,
-        AuthenticationMask authentication_requirements,
-        KeyDistribution initiator_dist,
-        KeyDistribution responder_dist
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::cancel_pairing
-     */
-    virtual ble_error_t cancel_pairing(
-        connection_handle_t connection, pairing_failure_t reason
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::request_authentication
-     */
-    virtual ble_error_t request_authentication(connection_handle_t connection);
-
-    /**
-     * @see ::ble::pal::SecurityManager::get_random_data
-     */
-    virtual ble_error_t get_random_data(byte_array_t<8> &random_data);
-
-    /**
-     * @see ::ble::pal::SecurityManager::generate_public_key
-     */
-    virtual ble_error_t generate_public_key();
-
-    ////////////////////////////////////////////////////////////////////////////
-    // MITM
-    //
-
-    /**
-     * @see ::ble::pal::SecurityManager::set_display_passkey
-     */
-    virtual ble_error_t set_display_passkey(
-        passkey_num_t passkey
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::passkey_request_reply
-     */
-    virtual ble_error_t passkey_request_reply(
-        connection_handle_t connection, const passkey_num_t passkey
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::oob_data_request_reply
-     */
-    virtual ble_error_t legacy_pairing_oob_data_request_reply(
-        connection_handle_t connection, const oob_tk_t& oob_data
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::confirmation_entered
-     */
-    virtual ble_error_t confirmation_entered(
-        connection_handle_t connection, bool confirmation
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::send_keypress_notification
-     */
-    virtual ble_error_t send_keypress_notification(
-        connection_handle_t connection, Keypress_t keypress
-    );
-
-    /**
-     * @see ::ble::pal::SecurityManager::oob_data_verified
-     */
-    virtual ble_error_t oob_data_verified(
-        connection_handle_t connection,
-        const oob_lesc_value_t &local_random,
-        const oob_lesc_value_t &peer_random
-    );
-
-    // singleton of nordic Security Manager
-    static nRF5xSecurityManager& get_security_manager();
-
-    // Event handler
-    // FIXME: set proper event handling type
-    static bool sm_handler(const ble_evt_t *evt);
-
-private:
-    irk_t _irk;
-    csrk_t _csrk;
-    io_capability_t _io_capability;
-    uint8_t _max_encryption_key_size;
-};
-
-} // nordic
-} // vendor
-} // pal
-} // ble
-
-#endif /* NRF5X_PAL_SECURITY_MANAGER_ */