ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

BLE SecurityManager: remove legacy event callbacks and deprecated API

pull/12742/head
Lingkai Dong 2020-04-01 13:16:16 +01:00
parent c8ab263388
commit 1a89b7718c
3 changed files with 1 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
features/FEATURE_BLE/ble/SecurityManager.h
View File

@ -213,17 +213,6 @@ public:
SECURITY_MODE_SIGNED_WITH_MITM, /**< Require signing or encryption, and MITM protection. */
};
/**
* @brief Defines possible security status or states.
*
* @details Defines possible security status or states of a link when requested by getLinkSecurity().
*/
enum LinkSecurityStatus_t {
NOT_ENCRYPTED, /**< The link is not secured. */
ENCRYPTION_IN_PROGRESS, /**< Link security is being established.*/
ENCRYPTED /**< The link is secure.*/
};
/** Input/output capability of the device and application */
enum SecurityIOCapabilities_t {
IO_CAPS_DISPLAY_ONLY = 0x00, /**< Display only. */
@ -263,13 +252,6 @@ public:
typedef FunctionPointerWithContext<const SecurityManager *> SecurityManagerShutdownCallback_t;
typedef CallChainOfFunctionPointersWithContext<const SecurityManager *> SecurityManagerShutdownCallbackChain_t;
/* legacy callbacks, please use SecurityManagerEventHandler instead */
typedef void (*HandleSpecificEvent_t)(ble::connection_handle_t connectionHandle);
typedef void (*SecuritySetupInitiatedCallback_t)(ble::connection_handle_t, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps);
typedef void (*SecuritySetupCompletedCallback_t)(ble::connection_handle_t, SecurityCompletionStatus_t status);
typedef void (*LinkSecuredCallback_t)(ble::connection_handle_t connectionHandle, SecurityMode_t securityMode);
typedef void (*PasskeyDisplayCallback_t)(ble::connection_handle_t connectionHandle, const Passkey_t passkey);
/** The stack will use these functions to signal events to the application,
* subclass to override handlers. Use SecurityManager::setSecurityManagerEventHandler
* to set the interface implementation to be used. */
@ -880,141 +862,6 @@ protected:
~SecurityManager() { };
public:
/**
* @deprecated use generateWhitelistFromBondTable instead
*
* Get a list of addresses from all peers in the bond table.
*
* @param[in,out] addresses
* (on input) addresses.capacity contains the maximum
* number of addresses to be returned.
* (on output) The populated table with copies of the
* addresses in the implementation's whitelist.
*
* @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure.
* @retval BLE_ERROR_INVALID_STATE If the API is called without module initialization or
* application registration.
*/
ble_error_t getAddressesFromBondTable(::Gap::Whitelist_t &addresses) const;
/**
* @deprecated
*
* Get the security status of a connection.
*
* @param[in] connectionHandle Handle to identify the connection.
* @param[out] securityStatus Security status.
*
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
*/
ble_error_t getLinkSecurity(ble::connection_handle_t connectionHandle, LinkSecurityStatus_t *securityStatus) {
ble::link_encryption_t encryption(ble::link_encryption_t::NOT_ENCRYPTED);
ble_error_t err = getLinkEncryption(connectionHandle, &encryption);
if (err) {
return err;
}
switch (encryption.value()) {
case ble::link_encryption_t::NOT_ENCRYPTED:
*securityStatus = NOT_ENCRYPTED;
break;
case ble::link_encryption_t::ENCRYPTION_IN_PROGRESS:
*securityStatus = ENCRYPTION_IN_PROGRESS;
break;
case ble::link_encryption_t::ENCRYPTED:
case ble::link_encryption_t::ENCRYPTED_WITH_MITM:
case ble::link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM:
*securityStatus = ENCRYPTED;
break;
default:
// should never happen
MBED_ASSERT(false);
*securityStatus = NOT_ENCRYPTED;
break;
}
return BLE_ERROR_NONE;
}
/**
* @deprecated
*
* To indicate that a security procedure for the link has started.
*/
void onSecuritySetupInitiated(SecuritySetupInitiatedCallback_t callback) {
defaultEventHandler.securitySetupInitiatedCallback = callback;
}
/**
* @deprecated
*
* To indicate that the security procedure for the link has completed.
*/
void onSecuritySetupCompleted(SecuritySetupCompletedCallback_t callback) {
defaultEventHandler.securitySetupCompletedCallback = callback;
}
/**
* @deprecated
*
* To indicate that the link with the peer is secured. For bonded devices,
* subsequent reconnections with a bonded peer will result only in this callback
* when the link is secured; setup procedures will not occur (unless the
* bonding information is either lost or deleted on either or both sides).
*/
void onLinkSecured(LinkSecuredCallback_t callback) {
defaultEventHandler.linkSecuredCallback = callback;
}
/**
* @deprecated
*
* To indicate that device context is stored persistently.
*/
void onSecurityContextStored(HandleSpecificEvent_t callback) {
defaultEventHandler.securityContextStoredCallback = callback;
}
/** @deprecated
*
* To set the callback for when the passkey needs to be displayed on a peripheral with DISPLAY capability.
*/
void onPasskeyDisplay(PasskeyDisplayCallback_t callback) {
defaultEventHandler.passkeyDisplayCallback = callback;
}
/* Entry points for the underlying stack to report events back to the user. */
public:
/** @deprecated */
void processSecuritySetupInitiatedEvent(ble::connection_handle_t connectionHandle, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps) {
if (defaultEventHandler.securitySetupInitiatedCallback) {
defaultEventHandler.securitySetupInitiatedCallback(connectionHandle, allowBonding, requireMITM, iocaps);
}
}
/** @deprecated */
void processSecuritySetupCompletedEvent(ble::connection_handle_t connectionHandle, SecurityCompletionStatus_t status) {
eventHandler->pairingResult(connectionHandle, status);
}
/** @deprecated */
void processLinkSecuredEvent(ble::connection_handle_t connectionHandle, SecurityMode_t securityMode) {
if (securityMode == SECURITY_MODE_ENCRYPTION_NO_MITM) {
eventHandler->linkEncryptionResult(connectionHandle, ble::link_encryption_t::ENCRYPTED);
} else {
eventHandler->linkEncryptionResult(connectionHandle, ble::link_encryption_t::NOT_ENCRYPTED);
}
}
/** @deprecated */
void processSecurityContextStoredEvent(ble::connection_handle_t connectionHandle) {
if (defaultEventHandler.securityContextStoredCallback) {
defaultEventHandler.securityContextStoredCallback(connectionHandle);
}
}
/** @deprecated */
void processPasskeyDisplayEvent(ble::connection_handle_t connectionHandle, const Passkey_t passkey) {
eventHandler->passkeyDisplay(connectionHandle, passkey);
}
protected:
/* --- _virtual_ implementations declaration --- */
@ -1136,62 +983,12 @@ protected:
bool authenticated
);
ble_error_t getAddressesFromBondTable_(::Gap::Whitelist_t &addresses) const;
private:
/* Legacy compatibility with old callbacks (from both sides so any
* combination of new and old works) */
class LegacyEventHandler : public EventHandler {
public:
LegacyEventHandler() :
securitySetupInitiatedCallback(),
securitySetupCompletedCallback(),
linkSecuredCallback(),
securityContextStoredCallback(),
passkeyDisplayCallback() { };
virtual void pairingResult(ble::connection_handle_t connectionHandle, SecurityCompletionStatus_t result) {
if (securitySetupCompletedCallback) {
securitySetupCompletedCallback(connectionHandle, result);
}
}
virtual void linkEncryptionResult(ble::connection_handle_t connectionHandle, ble::link_encryption_t result) {
if (linkSecuredCallback) {
SecurityMode_t securityMode;
if (result == ble::link_encryption_t::ENCRYPTED) {
securityMode = SECURITY_MODE_ENCRYPTION_NO_MITM;
} else if (
result == ble::link_encryption_t::ENCRYPTED_WITH_MITM ||
result == ble::link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM
) {
securityMode = SECURITY_MODE_ENCRYPTION_WITH_MITM;
} else {
securityMode = SECURITY_MODE_ENCRYPTION_OPEN_LINK;
}
linkSecuredCallback(connectionHandle, securityMode);
}
};
virtual void passkeyDisplay(ble::connection_handle_t connectionHandle, const Passkey_t passkey) {
if (passkeyDisplayCallback) {
passkeyDisplayCallback(connectionHandle, passkey);
}
};
SecuritySetupInitiatedCallback_t securitySetupInitiatedCallback;
SecuritySetupCompletedCallback_t securitySetupCompletedCallback;
LinkSecuredCallback_t linkSecuredCallback;
HandleSpecificEvent_t securityContextStoredCallback;
PasskeyDisplayCallback_t passkeyDisplayCallback;
};
private:
SecurityManagerShutdownCallbackChain_t shutdownCallChain;
protected:
EventHandler* eventHandler;
LegacyEventHandler defaultEventHandler;
EventHandler defaultEventHandler;
};

1
features/FEATURE_BLE/ble/pal/PalSecurityManager.h
View File

@ -30,7 +30,6 @@ namespace pal {
typedef ::SecurityManager::SecurityCompletionStatus_t SecurityCompletionStatus_t;
typedef ::SecurityManager::SecurityMode_t SecurityMode_t;
typedef ::SecurityManager::LinkSecurityStatus_t LinkSecurityStatus_t;
typedef ::SecurityManager::Keypress_t Keypress_t;
/**

14
features/FEATURE_BLE/source/SecurityManager.tpp
View File

@ -247,20 +247,6 @@ ble_error_t SecurityManager<Impl>::getSigningKey(
return impl()->getSigningKey_(connectionHandle, authenticated);
}
template <class Impl>
ble_error_t SecurityManager<Impl>::getAddressesFromBondTable(
::Gap::Whitelist_t &addresses
) const {
return impl()->getAddressesFromBondTable_(addresses);
}
template <class Impl>
ble_error_t SecurityManager<Impl>::getAddressesFromBondTable_(
::Gap::Whitelist_t &addresses
) const {
return BLE_ERROR_NOT_IMPLEMENTED;
}
/* ------------------------ Dummy implementations --------------------------- */
template <class Impl>