ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Convert SecurityManagerEventHandler into a pure interface. 

Convert most functions of SecurityManager into virtual pure functions.
Protect access to the get_event_handler function and remove function set_app_event_handler.
pull/6188/head
Vincent Coubard 2018-01-15 14:25:27 +00:00
parent 2f49b66c52
commit 1ee56f6b83
1 changed files with 186 additions and 314 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

500
features/FEATURE_BLE/ble/pal/PalSecurityManager.h
View File

@ -98,380 +98,252 @@ struct bonded_list_t {
uint8_t capacity; /**< number of entries that can be stored */ uint8_t capacity; /**< number of entries that can be stored */
}; };
/**
* Handle events generated by ble::pal::SecurityManager
*/
class SecurityManagerEventHandler { class SecurityManagerEventHandler {
SecurityManagerEventHandler() : _app_event_handler(NULL) { }; public:
virtual void security_setup_initiated(connection_handle_t handle, bool allow_bonding, virtual void security_setup_initiated(
bool require_mitm, SecurityIOCapabilities_t iocaps) { connection_handle_t handle,
if (_app_event_handler) { bool allow_bonding,
_app_event_handler->securitySetupInitiated(handle, allow_bonding, require_mitm, iocaps); bool require_mitm,
} SecurityIOCapabilities_t iocaps
} ) = 0;
virtual void security_setup_completed(connection_handle_t handle,
SecurityManager::SecurityCompletionStatus_t status) {
if (_app_event_handler) {
_app_event_handler->securitySetupCompleted(handle, status);
}
}
virtual void link_secured(connection_handle_t handle, SecurityManager::SecurityMode_t security_mode) {
if (_app_event_handler) {
_app_event_handler->linkSecured(handle, security_mode);
}
}
virtual void security_context_stored(connection_handle_t handle) { virtual void security_setup_completed(
if (_app_event_handler) { connection_handle_t handle,
_app_event_handler->securityContextStored(handle); SecurityManager::SecurityCompletionStatus_t status
} ) = 0;
}
virtual void passkey_display(connection_handle_t handle, const passkey_t passkey) {
if (_app_event_handler) {
_app_event_handler->passkeyDisplay(handle, passkey);
}
}
virtual void valid_mic_timeout(connection_handle_t handle) { virtual void link_secured(
if (_app_event_handler) { connection_handle_t handle, SecurityManager::SecurityMode_t security_mode
_app_event_handler->validMicTimeout(handle); ) = 0;
}
}
virtual void link_key_failure(connection_handle_t handle) { virtual void security_context_stored(connection_handle_t handle) = 0;
if (_app_event_handler) {
_app_event_handler->linkKeyFailure(handle);
}
}
virtual void keypress_notification(connection_handle_t handle, SecurityManager::Keypress_t keypress) { virtual void passkey_display(connection_handle_t handle, const passkey_t passkey) = 0;
if (_app_event_handler) {
_app_event_handler->keypressNotification(handle, keypress);
}
}
virtual void legacy_pariring_oob_request(connection_handle_t handle) { virtual void valid_mic_timeout(connection_handle_t handle) = 0;
if (_app_event_handler) {
_app_event_handler->legacyPairingOobRequest(handle);
}
}
virtual void oob_request(connection_handle_t handle) { virtual void link_key_failure(connection_handle_t handle) = 0;
if (_app_event_handler) {
_app_event_handler->oobRequest(handle);
}
}
virtual void pin_request(connection_handle_t handle) {
if (_app_event_handler) { virtual void keypress_notification(connection_handle_t handle, SecurityManager::Keypress_t keypress) = 0;
_app_event_handler->pinRequest(handle);
}
}
virtual void passkey_request(connection_handle_t handle) {
if (_app_event_handler) { virtual void legacy_pariring_oob_request(connection_handle_t handle) = 0;
_app_event_handler->passkeyRequest(handle);
}
}
virtual void confirmation_request(connection_handle_t handle) {
if (_app_event_handler) { virtual void oob_request(connection_handle_t handle) = 0;
_app_event_handler->confirmationRequest(handle);
}
}
virtual void accept_pairing_request(connection_handle_t handle,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
key_distribution_t initiator_dist,
key_distribution_t responder_dist) {
if (_app_event_handler) {
_app_event_handler->acceptPairingRequest(handle);
}
}
virtual void keys_exchanged(connection_handle_t handle, address_t &peer_address, ediv_t &ediv, virtual void pin_request(connection_handle_t handle) = 0;
rand_t &rand, ltk_t &ltk, csrk_t &csrk);
virtual void ltk_request(connection_handle_t handle, ediv_t &ediv, rand_t &rand);
virtual void set_app_event_handler(::SecurityManagerEventHandler *app_event_handler) { virtual void passkey_request(connection_handle_t handle) = 0;
_app_event_handler = app_event_handler;
} virtual void confirmation_request(connection_handle_t handle) = 0;
private:
::SecurityManagerEventHandler *_app_event_handler; virtual void accept_pairing_request(
connection_handle_t handle,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
key_distribution_t initiator_dist,
key_distribution_t responder_dist
) = 0;
virtual void keys_exchanged(
connection_handle_t handle,
address_t &peer_address,
ediv_t &ediv,
rand_t &rand,
ltk_t &ltk,
csrk_t &csrk
) = 0;
virtual void ltk_request(
connection_handle_t handle,
ediv_t &ediv,
rand_t &rand
) = 0;
}; };
/**
* Adaptation layer of the Security Manager.
*/
class SecurityManager : private mbed::NonCopyable<SecurityManager> { class SecurityManager : private mbed::NonCopyable<SecurityManager> {
public: public:
SecurityManager() : _pal_event_handler(NULL) { }; SecurityManager() : _pal_event_handler(NULL) { };
virtual ~SecurityManager() { }; virtual ~SecurityManager() { };
virtual ble_error_t initialize() { virtual ble_error_t initialize() = 0;
return BLE_ERROR_NONE;
} virtual ble_error_t terminate() = 0;
virtual ble_error_t terminate() {
return BLE_ERROR_NONE; virtual ble_error_t reset() = 0;
}
virtual ble_error_t reset() {
return BLE_ERROR_NONE;
}
/* persistence */ /* persistence */
virtual ble_error_t get_bonded_list(bonded_list_t &list) { virtual ble_error_t get_bonded_list(bonded_list_t &list) = 0;
(void)list;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t add_bonded_list_entry(bonded_list_entry_t &entry) {
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t remove_bonded_list_entry(bonded_list_entry_t &entry) {
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t clear_bonded_list() {
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_resolving_list(resolving_list_t &list) { virtual ble_error_t add_bonded_list_entry(bonded_list_entry_t &entry) = 0;
(void)list;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t add_resolving_list_entry(resolving_list_entry_t &entry) {
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t remove_resolving_list_entry(resolving_list_entry_t &entry) {
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t clear_resolving_list() {
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_whitelist(Gap::Whitelist_t &list) { virtual ble_error_t remove_bonded_list_entry(bonded_list_entry_t &entry) = 0;
(void)list;
return BLE_ERROR_NOT_IMPLEMENTED; virtual ble_error_t clear_bonded_list() = 0;
}
virtual ble_error_t add_whitelist_entry(address_t &entry) { virtual ble_error_t get_resolving_list(resolving_list_t &list) = 0;
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED; virtual ble_error_t add_resolving_list_entry(resolving_list_entry_t &entry) = 0;
}
virtual ble_error_t remove_whitelist_entry(address_t &entry) { virtual ble_error_t remove_resolving_list_entry(resolving_list_entry_t &entry) = 0;
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED; virtual ble_error_t clear_resolving_list() = 0;
}
virtual ble_error_t clear_whitelist() { virtual ble_error_t get_whitelist(Gap::Whitelist_t &list) = 0;
return BLE_ERROR_NOT_IMPLEMENTED;
} virtual ble_error_t add_whitelist_entry(address_t &entry) = 0;
virtual ble_error_t remove_whitelist_entry(address_t &entry) = 0;
virtual ble_error_t clear_whitelist() = 0;
/* feature support */ /* feature support */
virtual ble_error_t set_secure_connections_support(bool enabled, bool secure_connections_only = false) { virtual ble_error_t set_secure_connections_support(
(void)enabled; bool enabled, bool secure_connections_only = false
(void)secure_connections_only; ) = 0;
return BLE_ERROR_NOT_IMPLEMENTED;
} virtual ble_error_t get_secure_connections_support(
virtual ble_error_t get_secure_connections_support(bool &enabled, bool &secure_connections_only) { bool &enabled, bool &secure_connections_only
(void)enabled; ) = 0;
(void)secure_connections_only;
return BLE_ERROR_NOT_IMPLEMENTED;
}
/* security settings */ /* security settings */
virtual ble_error_t set_pin_code(uint8_t pin_length, uint8_t *pin_code, bool static_pin = false) { virtual ble_error_t set_pin_code(
(void)pin_length; uint8_t pin_length, uint8_t *pin_code, bool static_pin = false
(void)pin_code; ) = 0;
(void)static_pin;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t set_passkey(passkey_num_t passkey) {
(void)passkey;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t set_authentication_timeout(connection_handle_t, uint16_t timeout_in_10ms) { virtual ble_error_t set_passkey(passkey_num_t passkey) = 0;
(void)timeout_in_10ms;
return BLE_ERROR_NOT_IMPLEMENTED; virtual ble_error_t set_authentication_timeout(
} connection_handle_t, uint16_t timeout_in_10ms
virtual ble_error_t get_authentication_timeout(connection_handle_t, uint16_t &timeout_in_10ms) { ) = 0;
(void)timeout_in_10ms;
return BLE_ERROR_NOT_IMPLEMENTED; virtual ble_error_t get_authentication_timeout(
} connection_handle_t, uint16_t &timeout_in_10ms
) = 0;
/* encryption */ /* encryption */
virtual ble_error_t enable_encryption(connection_handle_t handle) { virtual ble_error_t enable_encryption(connection_handle_t handle) = 0;
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t disable_encryption(connection_handle_t handle) { virtual ble_error_t disable_encryption(connection_handle_t handle) = 0;
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_encryption_status(connection_handle_t handle, LinkSecurityStatus_t &status) { virtual ble_error_t get_encryption_status(
(void)handle; connection_handle_t handle, LinkSecurityStatus_t &status
(void)status; ) = 0;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_encryption_key_size(connection_handle_t, uint8_t &bitsize) { virtual ble_error_t get_encryption_key_size(
(void)bitsize; connection_handle_t, uint8_t &bitsize
return BLE_ERROR_NOT_IMPLEMENTED; ) = 0;
}
virtual ble_error_t refresh_encryption_key(connection_handle_t handle) { virtual ble_error_t refresh_encryption_key(connection_handle_t handle) = 0;
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED;
}
/* privacy */ /* privacy */
virtual ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds) { virtual ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds) = 0;
(void)timeout_in_seconds;
return BLE_ERROR_NOT_IMPLEMENTED;
}
/* keys */ /* keys */
virtual ble_error_t set_ltk(connection_handle_t handle, ltk_t ltk) { virtual ble_error_t set_ltk(connection_handle_t handle, ltk_t ltk) = 0;
(void)ltk;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t set_irk(irk_t irk) { virtual ble_error_t set_irk(irk_t irk) = 0;
(void)irk;
return BLE_ERROR_NOT_IMPLEMENTED; virtual ble_error_t set_csrk(csrk_t csrk) = 0;
}
virtual ble_error_t set_csrk(csrk_t csrk) { virtual ble_error_t generate_irk() = 0;
(void)csrk;
return BLE_ERROR_NOT_IMPLEMENTED; virtual ble_error_t generate_csrk() = 0;
}
virtual ble_error_t generate_irk() {
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t generate_csrk() {
return BLE_ERROR_NOT_IMPLEMENTED;
}
/* authentication */ /* authentication */
virtual ble_error_t request_pairing(connection_handle_t handle, virtual ble_error_t request_pairing(
SecurityIOCapabilities_t iocaps, connection_handle_t handle,
bool use_oob, SecurityIOCapabilities_t iocaps,
authentication_t authentication, bool use_oob,
uint8_t max_key_size, authentication_t authentication,
key_distribution_t initiator_dist, uint8_t max_key_size,
key_distribution_t responder_dist) { key_distribution_t initiator_dist,
(void)handle; key_distribution_t responder_dist
(void)iocaps; ) = 0;
(void)use_oob;
(void)authentication;
(void)max_key_size;
(void)initiator_dist;
(void)responder_dist;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t accept_pairing(connection_handle_t handle,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
key_distribution_t initiator_dist,
key_distribution_t responder_dist) {
(void)handle;
(void)iocaps;
(void)use_oob;
(void)authentication;
(void)max_key_size;
(void)initiator_dist;
(void)responder_dist;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t reject_pairing(connection_handle_t handle) {
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t cancel_pairing(connection_handle_t handle) {
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t set_pairing_request_authorisation(bool authorisation_required = true) { virtual ble_error_t accept_pairing(
(void)authorisation_required; connection_handle_t handle,
return BLE_ERROR_NOT_IMPLEMENTED; SecurityIOCapabilities_t iocaps,
} bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
key_distribution_t initiator_dist,
key_distribution_t responder_dist
) = 0;
virtual ble_error_t request_authentication(connection_handle_t handle) { virtual ble_error_t reject_pairing(connection_handle_t handle) = 0;
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED; virtual ble_error_t cancel_pairing(connection_handle_t handle) = 0;
}
virtual ble_error_t set_pairing_request_authorisation(
bool authorisation_required = true
) = 0;
virtual ble_error_t request_authentication(connection_handle_t handle) = 0;
/* MITM */ /* MITM */
virtual ble_error_t confirmation_entered(connection_handle_t handle, bool confirmation) { virtual ble_error_t confirmation_entered(
(void)handle; connection_handle_t handle, bool confirmation
(void)confirmation; ) = 0;
return BLE_ERROR_NOT_IMPLEMENTED;
} virtual ble_error_t passkey_entered(
virtual ble_error_t passkey_entered(connection_handle_t handle, passkey_t passkey) { connection_handle_t handle, passkey_t passkey
(void)handle; ) = 0;
(void)passkey;
return BLE_ERROR_NOT_IMPLEMENTED; virtual ble_error_t send_keypress_notification(
} connection_handle_t handle, Keypress_t keypress
virtual ble_error_t send_keypress_notification(connection_handle_t handle, Keypress_t keypress) { ) = 0;
(void)handle;
(void)keypress; virtual ble_error_t set_oob(
return BLE_ERROR_NOT_IMPLEMENTED; connection_handle_t handle, c192_t& c192, r192_t& r192
} ) = 0;
virtual ble_error_t set_extended_oob(
connection_handle_t handle,
c192_t& c192,
r192_t& r192,
c256_t& c256,
r256_t& r256
) = 0;
virtual ble_error_t get_local_oob_data(
connection_handle_t handle, c192_t& c192, r192_t& r192
) = 0;
virtual ble_error_t get_local_extended_oob_data(
connection_handle_t handle,
c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256
) = 0;
virtual ble_error_t set_oob(connection_handle_t handle, c192_t& c192, r192_t& r192) {
(void)handle;
(void)c192;
(void)r192;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t set_extended_oob(connection_handle_t handle,
c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256) {
(void)handle;
(void)c192;
(void)r192;
(void)c256;
(void)r256;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_local_oob_data(connection_handle_t handle, c192_t& c192, r192_t& r192) {
(void)handle;
(void)c192;
(void)r192;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_local_extended_oob_data(connection_handle_t handle,
c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256) {
(void)handle;
(void)c192;
(void)r192;
(void)c256;
(void)r256;
return BLE_ERROR_NOT_IMPLEMENTED;
}
/* Entry points for the underlying stack to report events back to the user. */ /* Entry points for the underlying stack to report events back to the user. */
public: public:
SecurityManagerEventHandler& get_event_handler() {
/* guaranteed to be a valid pointer */
return _pal_event_handler;
}
void set_app_event_handler(::SecurityManagerEventHandler *app_event_handler) {
_pal_event_handler->set_app_event_handler(app_event_handler);
}
void set_event_handler(SecurityManagerEventHandler *event_handler) { void set_event_handler(SecurityManagerEventHandler *event_handler) {
_pal_event_handler = event_handler; _pal_event_handler = event_handler;
} }
protected:
SecurityManagerEventHandler* get_event_handler() {
return _pal_event_handler;
}
private: private:
SecurityManagerEventHandler *_pal_event_handler; SecurityManagerEventHandler *_pal_event_handler;