From 1ee56f6b83b863f987d1ce6429bec5e38306375b Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Mon, 15 Jan 2018 14:25:27 +0000 Subject: [PATCH] Convert SecurityManagerEventHandler into a pure interface. Convert most functions of SecurityManager into virtual pure functions. Protect access to the get_event_handler function and remove function set_app_event_handler. --- .../FEATURE_BLE/ble/pal/PalSecurityManager.h | 500 +++++++----------- 1 file changed, 186 insertions(+), 314 deletions(-) diff --git a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h index cf752a9954..5a4e603abb 100644 --- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h +++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h @@ -98,380 +98,252 @@ struct bonded_list_t { uint8_t capacity; /**< number of entries that can be stored */ }; +/** + * Handle events generated by ble::pal::SecurityManager + */ class SecurityManagerEventHandler { - SecurityManagerEventHandler() : _app_event_handler(NULL) { }; - virtual void security_setup_initiated(connection_handle_t handle, bool allow_bonding, - bool require_mitm, SecurityIOCapabilities_t iocaps) { - if (_app_event_handler) { - _app_event_handler->securitySetupInitiated(handle, allow_bonding, require_mitm, iocaps); - } - } - virtual void security_setup_completed(connection_handle_t handle, - SecurityManager::SecurityCompletionStatus_t status) { - if (_app_event_handler) { - _app_event_handler->securitySetupCompleted(handle, status); - } - } - virtual void link_secured(connection_handle_t handle, SecurityManager::SecurityMode_t security_mode) { - if (_app_event_handler) { - _app_event_handler->linkSecured(handle, security_mode); - } - } +public: + virtual void security_setup_initiated( + connection_handle_t handle, + bool allow_bonding, + bool require_mitm, + SecurityIOCapabilities_t iocaps + ) = 0; - virtual void security_context_stored(connection_handle_t handle) { - if (_app_event_handler) { - _app_event_handler->securityContextStored(handle); - } - } - virtual void passkey_display(connection_handle_t handle, const passkey_t passkey) { - if (_app_event_handler) { - _app_event_handler->passkeyDisplay(handle, passkey); - } - } + virtual void security_setup_completed( + connection_handle_t handle, + SecurityManager::SecurityCompletionStatus_t status + ) = 0; - virtual void valid_mic_timeout(connection_handle_t handle) { - if (_app_event_handler) { - _app_event_handler->validMicTimeout(handle); - } - } + virtual void link_secured( + connection_handle_t handle, SecurityManager::SecurityMode_t security_mode + ) = 0; - virtual void link_key_failure(connection_handle_t handle) { - if (_app_event_handler) { - _app_event_handler->linkKeyFailure(handle); - } - } + virtual void security_context_stored(connection_handle_t handle) = 0; - virtual void keypress_notification(connection_handle_t handle, SecurityManager::Keypress_t keypress) { - if (_app_event_handler) { - _app_event_handler->keypressNotification(handle, keypress); - } - } + virtual void passkey_display(connection_handle_t handle, const passkey_t passkey) = 0; - virtual void legacy_pariring_oob_request(connection_handle_t handle) { - if (_app_event_handler) { - _app_event_handler->legacyPairingOobRequest(handle); - } - } + virtual void valid_mic_timeout(connection_handle_t handle) = 0; - virtual void oob_request(connection_handle_t handle) { - if (_app_event_handler) { - _app_event_handler->oobRequest(handle); - } - } - virtual void pin_request(connection_handle_t handle) { + virtual void link_key_failure(connection_handle_t handle) = 0; - if (_app_event_handler) { - _app_event_handler->pinRequest(handle); - } - } - virtual void passkey_request(connection_handle_t handle) { + virtual void keypress_notification(connection_handle_t handle, SecurityManager::Keypress_t keypress) = 0; - if (_app_event_handler) { - _app_event_handler->passkeyRequest(handle); - } - } - virtual void confirmation_request(connection_handle_t handle) { + virtual void legacy_pariring_oob_request(connection_handle_t handle) = 0; - if (_app_event_handler) { - _app_event_handler->confirmationRequest(handle); - } - } - virtual void accept_pairing_request(connection_handle_t handle, - SecurityIOCapabilities_t iocaps, - bool use_oob, - authentication_t authentication, - uint8_t max_key_size, - key_distribution_t initiator_dist, - key_distribution_t responder_dist) { - if (_app_event_handler) { - _app_event_handler->acceptPairingRequest(handle); - } - } + virtual void oob_request(connection_handle_t handle) = 0; - virtual void keys_exchanged(connection_handle_t handle, address_t &peer_address, ediv_t &ediv, - rand_t &rand, ltk_t <k, csrk_t &csrk); - virtual void ltk_request(connection_handle_t handle, ediv_t &ediv, rand_t &rand); + virtual void pin_request(connection_handle_t handle) = 0; - virtual void set_app_event_handler(::SecurityManagerEventHandler *app_event_handler) { - _app_event_handler = app_event_handler; - } -private: - ::SecurityManagerEventHandler *_app_event_handler; + virtual void passkey_request(connection_handle_t handle) = 0; + + virtual void confirmation_request(connection_handle_t handle) = 0; + + virtual void accept_pairing_request( + connection_handle_t handle, + SecurityIOCapabilities_t iocaps, + bool use_oob, + authentication_t authentication, + uint8_t max_key_size, + key_distribution_t initiator_dist, + key_distribution_t responder_dist + ) = 0; + + virtual void keys_exchanged( + connection_handle_t handle, + address_t &peer_address, + ediv_t &ediv, + rand_t &rand, + ltk_t <k, + csrk_t &csrk + ) = 0; + + virtual void ltk_request( + connection_handle_t handle, + ediv_t &ediv, + rand_t &rand + ) = 0; }; - +/** + * Adaptation layer of the Security Manager. + */ class SecurityManager : private mbed::NonCopyable { public: SecurityManager() : _pal_event_handler(NULL) { }; + virtual ~SecurityManager() { }; - virtual ble_error_t initialize() { - return BLE_ERROR_NONE; - } - virtual ble_error_t terminate() { - return BLE_ERROR_NONE; - } - virtual ble_error_t reset() { - return BLE_ERROR_NONE; - } + virtual ble_error_t initialize() = 0; + + virtual ble_error_t terminate() = 0; + + virtual ble_error_t reset() = 0; /* persistence */ - virtual ble_error_t get_bonded_list(bonded_list_t &list) { - (void)list; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t add_bonded_list_entry(bonded_list_entry_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t remove_bonded_list_entry(bonded_list_entry_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t clear_bonded_list() { - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t get_bonded_list(bonded_list_t &list) = 0; - virtual ble_error_t get_resolving_list(resolving_list_t &list) { - (void)list; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t add_resolving_list_entry(resolving_list_entry_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t remove_resolving_list_entry(resolving_list_entry_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t clear_resolving_list() { - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t add_bonded_list_entry(bonded_list_entry_t &entry) = 0; - virtual ble_error_t get_whitelist(Gap::Whitelist_t &list) { - (void)list; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t add_whitelist_entry(address_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t remove_whitelist_entry(address_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t clear_whitelist() { - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t remove_bonded_list_entry(bonded_list_entry_t &entry) = 0; + + virtual ble_error_t clear_bonded_list() = 0; + + virtual ble_error_t get_resolving_list(resolving_list_t &list) = 0; + + virtual ble_error_t add_resolving_list_entry(resolving_list_entry_t &entry) = 0; + + virtual ble_error_t remove_resolving_list_entry(resolving_list_entry_t &entry) = 0; + + virtual ble_error_t clear_resolving_list() = 0; + + virtual ble_error_t get_whitelist(Gap::Whitelist_t &list) = 0; + + virtual ble_error_t add_whitelist_entry(address_t &entry) = 0; + + virtual ble_error_t remove_whitelist_entry(address_t &entry) = 0; + + virtual ble_error_t clear_whitelist() = 0; /* feature support */ - virtual ble_error_t set_secure_connections_support(bool enabled, bool secure_connections_only = false) { - (void)enabled; - (void)secure_connections_only; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t get_secure_connections_support(bool &enabled, bool &secure_connections_only) { - (void)enabled; - (void)secure_connections_only; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_secure_connections_support( + bool enabled, bool secure_connections_only = false + ) = 0; + + virtual ble_error_t get_secure_connections_support( + bool &enabled, bool &secure_connections_only + ) = 0; /* security settings */ - virtual ble_error_t set_pin_code(uint8_t pin_length, uint8_t *pin_code, bool static_pin = false) { - (void)pin_length; - (void)pin_code; - (void)static_pin; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t set_passkey(passkey_num_t passkey) { - (void)passkey; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_pin_code( + uint8_t pin_length, uint8_t *pin_code, bool static_pin = false + ) = 0; - virtual ble_error_t set_authentication_timeout(connection_handle_t, uint16_t timeout_in_10ms) { - (void)timeout_in_10ms; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t get_authentication_timeout(connection_handle_t, uint16_t &timeout_in_10ms) { - (void)timeout_in_10ms; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_passkey(passkey_num_t passkey) = 0; + + virtual ble_error_t set_authentication_timeout( + connection_handle_t, uint16_t timeout_in_10ms + ) = 0; + + virtual ble_error_t get_authentication_timeout( + connection_handle_t, uint16_t &timeout_in_10ms + ) = 0; /* encryption */ - virtual ble_error_t enable_encryption(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t enable_encryption(connection_handle_t handle) = 0; - virtual ble_error_t disable_encryption(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t disable_encryption(connection_handle_t handle) = 0; - virtual ble_error_t get_encryption_status(connection_handle_t handle, LinkSecurityStatus_t &status) { - (void)handle; - (void)status; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t get_encryption_status( + connection_handle_t handle, LinkSecurityStatus_t &status + ) = 0; - virtual ble_error_t get_encryption_key_size(connection_handle_t, uint8_t &bitsize) { - (void)bitsize; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t get_encryption_key_size( + connection_handle_t, uint8_t &bitsize + ) = 0; - virtual ble_error_t refresh_encryption_key(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t refresh_encryption_key(connection_handle_t handle) = 0; /* privacy */ - virtual ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds) { - (void)timeout_in_seconds; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds) = 0; /* keys */ - virtual ble_error_t set_ltk(connection_handle_t handle, ltk_t ltk) { - (void)ltk; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_ltk(connection_handle_t handle, ltk_t ltk) = 0; - virtual ble_error_t set_irk(irk_t irk) { - (void)irk; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t set_csrk(csrk_t csrk) { - (void)csrk; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t generate_irk() { - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t generate_csrk() { - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_irk(irk_t irk) = 0; + + virtual ble_error_t set_csrk(csrk_t csrk) = 0; + + virtual ble_error_t generate_irk() = 0; + + virtual ble_error_t generate_csrk() = 0; /* authentication */ - virtual ble_error_t request_pairing(connection_handle_t handle, - SecurityIOCapabilities_t iocaps, - bool use_oob, - authentication_t authentication, - uint8_t max_key_size, - key_distribution_t initiator_dist, - key_distribution_t responder_dist) { - (void)handle; - (void)iocaps; - (void)use_oob; - (void)authentication; - (void)max_key_size; - (void)initiator_dist; - (void)responder_dist; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t accept_pairing(connection_handle_t handle, - SecurityIOCapabilities_t iocaps, - bool use_oob, - authentication_t authentication, - uint8_t max_key_size, - key_distribution_t initiator_dist, - key_distribution_t responder_dist) { - (void)handle; - (void)iocaps; - (void)use_oob; - (void)authentication; - (void)max_key_size; - (void)initiator_dist; - (void)responder_dist; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t reject_pairing(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t cancel_pairing(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t request_pairing( + connection_handle_t handle, + SecurityIOCapabilities_t iocaps, + bool use_oob, + authentication_t authentication, + uint8_t max_key_size, + key_distribution_t initiator_dist, + key_distribution_t responder_dist + ) = 0; - virtual ble_error_t set_pairing_request_authorisation(bool authorisation_required = true) { - (void)authorisation_required; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t accept_pairing( + connection_handle_t handle, + SecurityIOCapabilities_t iocaps, + bool use_oob, + authentication_t authentication, + uint8_t max_key_size, + key_distribution_t initiator_dist, + key_distribution_t responder_dist + ) = 0; - virtual ble_error_t request_authentication(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t reject_pairing(connection_handle_t handle) = 0; + + virtual ble_error_t cancel_pairing(connection_handle_t handle) = 0; + + virtual ble_error_t set_pairing_request_authorisation( + bool authorisation_required = true + ) = 0; + + virtual ble_error_t request_authentication(connection_handle_t handle) = 0; /* MITM */ - virtual ble_error_t confirmation_entered(connection_handle_t handle, bool confirmation) { - (void)handle; - (void)confirmation; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t passkey_entered(connection_handle_t handle, passkey_t passkey) { - (void)handle; - (void)passkey; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t send_keypress_notification(connection_handle_t handle, Keypress_t keypress) { - (void)handle; - (void)keypress; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t confirmation_entered( + connection_handle_t handle, bool confirmation + ) = 0; + + virtual ble_error_t passkey_entered( + connection_handle_t handle, passkey_t passkey + ) = 0; + + virtual ble_error_t send_keypress_notification( + connection_handle_t handle, Keypress_t keypress + ) = 0; + + virtual ble_error_t set_oob( + connection_handle_t handle, c192_t& c192, r192_t& r192 + ) = 0; + + virtual ble_error_t set_extended_oob( + connection_handle_t handle, + c192_t& c192, + r192_t& r192, + c256_t& c256, + r256_t& r256 + ) = 0; + + virtual ble_error_t get_local_oob_data( + connection_handle_t handle, c192_t& c192, r192_t& r192 + ) = 0; + + virtual ble_error_t get_local_extended_oob_data( + connection_handle_t handle, + c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256 + ) = 0; - virtual ble_error_t set_oob(connection_handle_t handle, c192_t& c192, r192_t& r192) { - (void)handle; - (void)c192; - (void)r192; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t set_extended_oob(connection_handle_t handle, - c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256) { - (void)handle; - (void)c192; - (void)r192; - (void)c256; - (void)r256; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t get_local_oob_data(connection_handle_t handle, c192_t& c192, r192_t& r192) { - (void)handle; - (void)c192; - (void)r192; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t get_local_extended_oob_data(connection_handle_t handle, - c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256) { - (void)handle; - (void)c192; - (void)r192; - (void)c256; - (void)r256; - return BLE_ERROR_NOT_IMPLEMENTED; - } /* Entry points for the underlying stack to report events back to the user. */ - public: - SecurityManagerEventHandler& get_event_handler() { - /* guaranteed to be a valid pointer */ - return _pal_event_handler; - } - void set_app_event_handler(::SecurityManagerEventHandler *app_event_handler) { - _pal_event_handler->set_app_event_handler(app_event_handler); - } +public: void set_event_handler(SecurityManagerEventHandler *event_handler) { _pal_event_handler = event_handler; } + +protected: + SecurityManagerEventHandler* get_event_handler() { + return _pal_event_handler; + } + private: SecurityManagerEventHandler *_pal_event_handler;