ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

BLE: Conditional compilation of the security manager 

Depends on the role (central or peripheral), signing enabled and secure connection enabled.
pull/13811/head
Vincent Coubard 2020-10-23 16:19:38 +01:00
parent 2e859cdab4
commit 557eac0617
7 changed files with 278 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
connectivity/FEATURE_BLE/include/ble/SecurityManager.h
View File

@ -247,6 +247,7 @@ public:
// Pairing
//
#if BLE_ROLE_PERIPHERAL
/**
* Request application to accept or reject pairing. Application should respond by
* calling the appropriate function: acceptPairingRequest or cancelPairingRequest
@ -256,6 +257,7 @@ public:
virtual void pairingRequest(ble::connection_handle_t connectionHandle) {
(void)connectionHandle;
}
#endif // BLE_ROLE_PERIPHERAL
/**
* Indicate to the application that pairing has completed.
@ -327,6 +329,7 @@ public:
(void)passkey;
}
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Indicate to the application that a confirmation is required. This is used
* when the device does not have a keyboard but has a yes/no button. The device
@ -339,6 +342,7 @@ public:
virtual void confirmationRequest(ble::connection_handle_t connectionHandle) {
(void)connectionHandle;
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/**
* Indicate to the application that a passkey is required. The application should
@ -350,6 +354,7 @@ public:
(void)connectionHandle;
}
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Notify the application that a key was pressed by the peer during passkey entry.
*
@ -360,6 +365,7 @@ public:
(void)connectionHandle;
(void)keypress;
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/**
* Indicate to the application it needs to return legacy pairing OOB to the stack.
@ -402,6 +408,7 @@ public:
// Keys
//
#if BLE_FEATURE_SIGNING
/**
* Deliver the signing key to the application.
*
@ -414,6 +421,8 @@ public:
(void)csrk;
(void)authenticated;
}
#endif // BLE_FEATURE_SIGNING
/**
* Prevent polymorphic deletion and avoid unnecessary virtual destructor
* as the SecurityManager class will never delete the instance it contains.
@ -526,6 +535,7 @@ public:
// Pairing
//
#if BLE_ROLE_CENTRAL
/**
* Request pairing with the peer. Called by the master.
* @note Slave can call requestAuthentication or setLinkEncryption to achieve security.
@ -534,7 +544,9 @@ public:
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
*/
ble_error_t requestPairing(ble::connection_handle_t connectionHandle);
#endif // BLE_ROLE_CENTRAL
#if BLE_ROLE_PERIPHERAL
/**
* Accept the pairing request. Called as a result of pairingRequest being called
* on the event handler.
@ -543,6 +555,7 @@ public:
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
*/
ble_error_t acceptPairingRequest(ble::connection_handle_t connectionHandle);
#endif // BLE_ROLE_PERIPHERAL
/**
* Reject pairing request if the local device is the slave or cancel an outstanding
@ -577,6 +590,7 @@ public:
// Feature support
//
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Allow of disallow the use of legacy pairing in case the application only wants
* to force the use of Secure Connections. If legacy pairing is disallowed and either
@ -594,6 +608,7 @@ public:
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
*/
ble_error_t getSecureConnectionsSupport(bool *enabled);
#endif // BLE_FEATURE_SECURE_CONNECTIONS
////////////////////////////////////////////////////////////////////////////
// Security settings
@ -766,6 +781,7 @@ public:
*/
ble_error_t setOOBDataUsage(ble::connection_handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM = true);
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Report to the stack if the passkey matches or not. Used during pairing to provide MITM protection.
*
@ -774,6 +790,7 @@ public:
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
*/
ble_error_t confirmationEntered(ble::connection_handle_t connectionHandle, bool confirmation);
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/**
* Supply the stack with the user entered passkey.
@ -784,6 +801,7 @@ public:
*/
ble_error_t passkeyEntered(ble::connection_handle_t connectionHandle, Passkey_t passkey);
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Send a notification to the peer that the user pressed a key on the local device.
* @note This will only be delivered if the keypress notifications have been enabled during pairing.
@ -793,6 +811,7 @@ public:
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
*/
ble_error_t sendKeypressNotification(ble::connection_handle_t connectionHandle, ble::Keypress_t keypress);
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/**
* Supply the stack with the OOB data for legacy connections.
@ -803,6 +822,7 @@ public:
*/
ble_error_t legacyPairingOobReceived(const ble::address_t *address, const ble::oob_tk_t *tk);
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Supply the stack with the OOB data for secure connections.
*
@ -813,11 +833,13 @@ public:
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
*/
ble_error_t oobReceived(const ble::address_t *address, const ble::oob_lesc_value_t *random, const ble::oob_confirm_t *confirm);
#endif // BLE_FEATURE_SECURE_CONNECTIONS
////////////////////////////////////////////////////////////////////////////
// Keys
//
#if BLE_FEATURE_SIGNING
/**
* Retrieves a signing key through a signingKey event.
* If a signing key is not present, pairing/authentication will be attempted.
@ -830,6 +852,7 @@ public:
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
*/
ble_error_t getSigningKey(ble::connection_handle_t connectionHandle, bool authenticated);
#endif // BLE_FEATURE_SIGNING
////////////////////////////////////////////////////////////////////////////
// Privacy

14
connectivity/FEATURE_BLE/source/SecurityManager.cpp
View File

@ -57,15 +57,19 @@ ble_error_t SecurityManager::generateWhitelistFromBondTable(::ble::whitelist_t *
return impl->generateWhitelistFromBondTable(whitelist);
}
#if BLE_ROLE_CENTRAL
ble_error_t SecurityManager::requestPairing(ble::connection_handle_t connectionHandle)
{
return impl->requestPairing(connectionHandle);
}
#endif
#if BLE_ROLE_PERIPHERAL
ble_error_t SecurityManager::acceptPairingRequest(ble::connection_handle_t connectionHandle)
{
return impl->acceptPairingRequest(connectionHandle);
}
#endif
ble_error_t SecurityManager::cancelPairingRequest(ble::connection_handle_t connectionHandle)
{
@ -82,6 +86,7 @@ ble_error_t SecurityManager::getPeerIdentity(ble::connection_handle_t connection
return impl->getPeerIdentity(connectionHandle);
}
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::allowLegacyPairing(bool allow)
{
return impl->allowLegacyPairing(allow);
@ -91,6 +96,7 @@ ble_error_t SecurityManager::getSecureConnectionsSupport(bool *enabled)
{
return impl->getSecureConnectionsSupport(enabled);
}
#endif
ble_error_t SecurityManager::setIoCapability(SecurityIOCapabilities_t iocaps)
{
@ -162,35 +168,43 @@ ble_error_t SecurityManager::setOOBDataUsage(ble::connection_handle_t connection
return impl->setOOBDataUsage(connectionHandle, useOOB, OOBProvidesMITM);
}
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::confirmationEntered(ble::connection_handle_t connectionHandle, bool confirmation)
{
return impl->confirmationEntered(connectionHandle, confirmation);
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::passkeyEntered(ble::connection_handle_t connectionHandle, Passkey_t passkey)
{
return impl->passkeyEntered(connectionHandle, passkey);
}
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::sendKeypressNotification(ble::connection_handle_t connectionHandle, ble::Keypress_t keypress)
{
return impl->sendKeypressNotification(connectionHandle, keypress);
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::legacyPairingOobReceived(const ble::address_t *address, const ble::oob_tk_t *tk)
{
return impl->legacyPairingOobReceived(address, tk);
}
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::oobReceived(const ble::address_t *address, const ble::oob_lesc_value_t *random, const ble::oob_confirm_t *confirm)
{
return impl->oobReceived(address, random, confirm);
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#if BLE_FEATURE_SIGNING
ble_error_t SecurityManager::getSigningKey(ble::connection_handle_t connectionHandle, bool authenticated)
{
return impl->getSigningKey(connectionHandle, authenticated);
}
#endif // BLE_FEATURE_SIGNING
#if BLE_FEATURE_PRIVACY
ble_error_t SecurityManager::setPrivateAddressTimeout(

42
connectivity/FEATURE_BLE/source/cordio/source/PalSecurityManagerImpl.cpp
View File

@ -36,10 +36,7 @@ namespace impl {
PalSecurityManager::PalSecurityManager() :
_pal_event_handler(nullptr),
_use_default_passkey(false),
_default_passkey(0),
_lesc_keys_generated(false),
_public_key_x(),
_peer_csrks()
_default_passkey(0)
{
}
@ -57,7 +54,9 @@ ble_error_t PalSecurityManager::initialize()
// reset local state
_use_default_passkey = false;
_default_passkey = 0;
#if BLE_FEATURE_SECURE_CONNECTIONS
_lesc_keys_generated = false;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#if BLE_FEATURE_SIGNING
memset(_peer_csrks, 0, sizeof(_peer_csrks));
#endif
@ -116,9 +115,14 @@ ble_error_t PalSecurityManager::get_secure_connections_support(
bool &enabled
)
{
#if BLE_FEATURE_SECURE_CONNECTIONS
// FIXME: should depend of the controller
enabled = false;
return BLE_ERROR_NONE;
#else
enabled = false;
return BLE_ERROR_NONE;
#endif
}
////////////////////////////////////////////////////////////////////////////
@ -143,7 +147,7 @@ ble_error_t PalSecurityManager::get_authentication_timeout(
return BLE_ERROR_NOT_IMPLEMENTED;
}
#if BLE_ROLE_PERIPHERAL
ble_error_t PalSecurityManager::slave_security_request(
connection_handle_t connection,
AuthenticationMask authentication
@ -152,12 +156,13 @@ ble_error_t PalSecurityManager::slave_security_request(
DmSecSlaveReq(connection, authentication.value());
return BLE_ERROR_NONE;
}
#endif // BLE_ROLE_PERIPHERAL
////////////////////////////////////////////////////////////////////////////
// Encryption
//
#if BLE_ROLE_CENTRAL
ble_error_t PalSecurityManager::enable_encryption(
connection_handle_t connection,
const ltk_t &ltk,
@ -180,7 +185,7 @@ ble_error_t PalSecurityManager::enable_encryption(
return BLE_ERROR_NONE;
}
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t PalSecurityManager::enable_encryption(
connection_handle_t connection,
const ltk_t &ltk,
@ -199,6 +204,8 @@ ble_error_t PalSecurityManager::enable_encryption(
return BLE_ERROR_NONE;
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#endif // BLE_ROLE_CENTRAL
ble_error_t PalSecurityManager::encrypt_data(
@ -275,6 +282,7 @@ ble_error_t PalSecurityManager::set_identity_address(
return BLE_ERROR_NONE;
}
#if BLE_FEATURE_SIGNING
ble_error_t PalSecurityManager::set_csrk(
const csrk_t &csrk,
sign_count_t sign_counter
@ -335,6 +343,7 @@ ble_error_t PalSecurityManager::remove_peer_csrk(connection_handle_t connection)
AttsSetCsrk(connection, nullptr, false);
return BLE_ERROR_NONE;
}
#endif // BLE_FEATURE_SIGNING
////////////////////////////////////////////////////////////////////////////
// Global parameters
@ -380,7 +389,7 @@ ble_error_t PalSecurityManager::set_encryption_key_requirements(
// Authentication
//
#if BLE_ROLE_CENTRAL
ble_error_t PalSecurityManager::send_pairing_request(
connection_handle_t connection,
bool oob_data_flag,
@ -399,8 +408,9 @@ ble_error_t PalSecurityManager::send_pairing_request(
return BLE_ERROR_NONE;
}
#endif // BLE_ROLE_CENTRAL
#if BLE_ROLE_PERIPHERAL
ble_error_t PalSecurityManager::send_pairing_response(
connection_handle_t connection,
bool oob_data_flag,
@ -419,6 +429,7 @@ ble_error_t PalSecurityManager::send_pairing_response(
return BLE_ERROR_NONE;
}
#endif // BLE_ROLE_PERIPHERAL
ble_error_t PalSecurityManager::cancel_pairing(
@ -469,7 +480,7 @@ ble_error_t PalSecurityManager::legacy_pairing_oob_request_reply(
return BLE_ERROR_NONE;
}
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t PalSecurityManager::confirmation_entered(
connection_handle_t connection, bool confirmation
)
@ -520,6 +531,7 @@ ble_error_t PalSecurityManager::secure_connections_oob_request_reply(
return BLE_ERROR_NONE;
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
PalSecurityManager &PalSecurityManager::get_security_manager()
@ -703,6 +715,7 @@ bool PalSecurityManager::sm_handler(const wsfMsgHdr_t *msg)
return true;
}
#if BLE_ROLE_PERIPHERAL
case DM_SEC_PAIR_IND: {
auto *evt = (dmSecPairIndEvt_t *) msg;
handler->on_pairing_request(
@ -714,7 +727,9 @@ bool PalSecurityManager::sm_handler(const wsfMsgHdr_t *msg)
);
return true;
}
#endif // BLE_ROLE_PERIPHERAL
#if BLE_ROLE_CENTRAL
case DM_SEC_SLAVE_REQ_IND: {
auto *evt = (dmSecPairIndEvt_t *) msg;
handler->on_slave_security_request(
@ -723,7 +738,9 @@ bool PalSecurityManager::sm_handler(const wsfMsgHdr_t *msg)
);
return true;
}
#endif // BLE_ROLE_CENTRAL
#if BLE_FEATURE_SECURE_CONNECTIONS
case DM_SEC_CALC_OOB_IND: {
auto *evt = (dmSecOobCalcIndEvt_t *) msg;
handler->on_secure_connections_oob_generated(
@ -733,7 +750,6 @@ bool PalSecurityManager::sm_handler(const wsfMsgHdr_t *msg)
return true;
}
#if BLE_FEATURE_SECURE_CONNECTIONS
case DM_SEC_ECC_KEY_IND: {
auto *evt = (secEccMsg_t *) msg;
DmSecSetEccKey(&evt->data.key);
@ -741,7 +757,6 @@ bool PalSecurityManager::sm_handler(const wsfMsgHdr_t *msg)
self._lesc_keys_generated = true;
return true;
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
case DM_SEC_COMPARE_IND: {
auto *evt = (dmSecCnfIndEvt_t *) msg;
@ -761,6 +776,7 @@ bool PalSecurityManager::sm_handler(const wsfMsgHdr_t *msg)
);
return true;
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
default:
return false;
@ -769,6 +785,7 @@ bool PalSecurityManager::sm_handler(const wsfMsgHdr_t *msg)
// Helper functions for privacy
#if BLE_FEATURE_SIGNING
void PalSecurityManager::cleanup_peer_csrks()
{
for (auto & peer_csrk : _peer_csrks) {
@ -778,6 +795,7 @@ void PalSecurityManager::cleanup_peer_csrks()
}
}
}
#endif // BLE_FEATURE_SIGNING
void PalSecurityManager::set_event_handler(
PalSecurityManagerEventHandler *event_handler

28
connectivity/FEATURE_BLE/source/cordio/source/PalSecurityManagerImpl.h
View File

@ -63,6 +63,7 @@ public:
// Pairing
//
#if BLE_ROLE_CENTRAL
/**
* @see ::ble::PalSecurityManager::send_pairing_request
*/
@ -73,7 +74,9 @@ public:
KeyDistribution initiator_dist,
KeyDistribution responder_dist
) final;
#endif // BLE_ROLE_CENTRAL
#if BLE_ROLE_PERIPHERAL
/**
* @see ::ble::PalSecurityManager::send_pairing_response
*/
@ -84,6 +87,7 @@ public:
KeyDistribution initiator_dist,
KeyDistribution responder_dist
) final;
#endif // BLE_ROLE_PERIPHERAL
/**
* @see ::ble::PalSecurityManager::cancel_pairing
@ -134,6 +138,7 @@ public:
uint8_t max_encryption_key_size
) final;
#if BLE_ROLE_PERIPHERAL
/**
* @see ::ble::PalSecurityManager::slave_security_request
*/
@ -141,11 +146,13 @@ public:
connection_handle_t connection,
AuthenticationMask authentication
) final;
#endif
////////////////////////////////////////////////////////////////////////////
// Encryption
//
#if BLE_ROLE_CENTRAL
/**
* @see ::ble::PalSecurityManager::enable_encryption
*/
@ -157,6 +164,7 @@ public:
bool mitm
) final;
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* @see ::ble::PalSecurityManager::enable_encryption
*/
@ -165,6 +173,8 @@ public:
const ltk_t &ltk,
bool mitm
) final;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#endif // BLE_ROLE_CENTRAL
/**
* @see ::ble::PalSecurityManager::encrypt_data
@ -207,6 +217,7 @@ public:
const address_t &address, bool public_address
) final;
#if BLE_FEATURE_SIGNING
/**
* @see ::ble::PalSecurityManager::set_csrk
*/
@ -226,6 +237,7 @@ public:
) final;
ble_error_t remove_peer_csrk(connection_handle_t connection) final;
#endif // BLE_FEATURE_SIGNING
////////////////////////////////////////////////////////////////////////////
// Authentication
@ -253,6 +265,7 @@ public:
passkey_num_t passkey
) final;
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* @see ::ble::PalSecurityManager::secure_connections_oob_request_reply
*/
@ -262,6 +275,7 @@ public:
const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm
) final;
#endif // /BLE_FEATURE_SECURE_CONNECTIONS
/**
* @see ::ble::PalSecurityManager::legacy_pairing_oob_request_reply
@ -271,6 +285,7 @@ public:
const oob_tk_t &oob_data
) final;
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* @see ::ble::PalSecurityManager::confirmation_entered
*/
@ -289,6 +304,7 @@ public:
* @see ::ble::PalSecurityManager::generate_secure_connections_oob
*/
ble_error_t generate_secure_connections_oob() final;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/**
* @see ::ble::PalSecurityManager::set_event_handler
@ -309,17 +325,23 @@ public:
private:
#if BLE_FEATURE_SIGNING
void cleanup_peer_csrks();
#endif // BLE_FEATURE_SIGNING
PalSecurityManagerEventHandler *_pal_event_handler;
bool _use_default_passkey;
passkey_num_t _default_passkey;
bool _lesc_keys_generated;
uint8_t _public_key_x[SEC_ECC_KEY_LEN];
#if BLE_FEATURE_SECURE_CONNECTIONS
bool _lesc_keys_generated = false;
uint8_t _public_key_x[SEC_ECC_KEY_LEN] = {0};
#endif // BLE_FEATURE_SECURE_CONNECTIONS
irk_t _irk;
#if BLE_FEATURE_SIGNING
csrk_t _csrk;
csrk_t *_peer_csrks[DM_CONN_MAX];
csrk_t *_peer_csrks[DM_CONN_MAX] = {0};
#endif // BLE_FEATURE_SIGNING
};
} // namespace impl

179
connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.cpp
View File

@ -243,7 +243,7 @@ ble_error_t SecurityManager::generateWhitelistFromBondTable(::ble::whitelist_t *
// Pairing
//
#if BLE_ROLE_CENTRAL
ble_error_t SecurityManager::requestPairing(connection_handle_t connection)
{
if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;
@ -297,8 +297,9 @@ ble_error_t SecurityManager::requestPairing(connection_handle_t connection)
responder_distribution
);
}
#endif // BLE_ROLE_CENTRAL
#if BLE_ROLE_PERIPHERAL
ble_error_t SecurityManager::acceptPairingRequest(connection_handle_t connection)
{
if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;
@ -357,6 +358,7 @@ ble_error_t SecurityManager::acceptPairingRequest(connection_handle_t connection
responder_distribution
);
}
#endif
ble_error_t SecurityManager::cancelPairingRequest(connection_handle_t connection)
@ -405,7 +407,7 @@ ble_error_t SecurityManager::getPeerIdentity(connection_handle_t connection)
// Feature support
//
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::allowLegacyPairing(bool allow)
{
_legacy_pairing_allowed = allow;
@ -417,6 +419,7 @@ ble_error_t SecurityManager::getSecureConnectionsSupport(bool *enabled)
{
return _pal.get_secure_connections_support(*enabled);
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
////////////////////////////////////////////////////////////////////////////
// Security settings
@ -485,11 +488,13 @@ ble_error_t SecurityManager::setLinkSecurity(
case SECURITY_MODE_ENCRYPTION_WITH_MITM:
return setLinkEncryption(connection, link_encryption_t::ENCRYPTED_WITH_MITM);
#if BLE_FEATURE_SIGNING
case SECURITY_MODE_SIGNED_NO_MITM:
return getSigningKey(connection, false);
case SECURITY_MODE_SIGNED_WITH_MITM:
return getSigningKey(connection, true);
#endif // BLE_FEATURE_SIGNING
default:
return BLE_ERROR_INVALID_PARAM;
@ -535,9 +540,17 @@ ble_error_t SecurityManager::enableSigning(
/* create keys if needed and exchange them */
init_signing();
if (cb->is_master) {
#if BLE_ROLE_CENTRAL
return requestPairing(connection);
#else
return BLE_ERROR_NOT_IMPLEMENTED;
#endif
} else {
#if BLE_ROLE_PERIPHERAL
return slave_security_request(connection);
#else
return BLE_ERROR_NOT_IMPLEMENTED;
#endif
}
}
} else {
@ -702,6 +715,7 @@ ble_error_t SecurityManager::setEncryptionKeyRequirements(
// Keys
//
#if BLE_FEATURE_SIGNING
ble_error_t SecurityManager::getSigningKey(connection_handle_t connection, bool authenticated)
{
if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;
@ -730,12 +744,21 @@ ble_error_t SecurityManager::getSigningKey(connection_handle_t connection, bool
if (authenticated) {
return requestAuthentication(connection);
} else if (cb->is_master) {
#if BLE_ROLE_CENTRAL
return requestPairing(connection);
#else
return BLE_ERROR_NOT_IMPLEMENTED;
#endif
} else {
#if BLE_ROLE_PERIPHERAL
return slave_security_request(connection);
#else
return BLE_ERROR_NOT_IMPLEMENTED;
#endif
}
}
}
#endif // BLE_FEATURE_SIGNING
////////////////////////////////////////////////////////////////////////////
// Privacy
@ -780,9 +803,17 @@ ble_error_t SecurityManager::requestAuthentication(connection_handle_t connectio
} else {
cb->mitm_requested = true;
if (cb->is_master) {
#if BLE_ROLE_CENTRAL
return requestPairing(connection);
#else
return BLE_ERROR_NOT_IMPLEMENTED;
#endif
} else {
#if BLE_ROLE_PERIPHERAL
return slave_security_request(connection);
#else
return BLE_ERROR_NOT_IMPLEMENTED;
#endif
}
}
}
@ -811,6 +842,7 @@ ble_error_t SecurityManager::generateOOB(
return status;
}
#if BLE_FEATURE_SECURE_CONNECTIONS
/* Secure connections. Avoid generating if we're already waiting for it.
* If a local random is set to 0 it means we're already calculating. */
if (!is_all_zeros(_oob_local_random)) {
@ -833,6 +865,7 @@ ble_error_t SecurityManager::generateOOB(
} else {
return BLE_STACK_BUSY;
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
return BLE_ERROR_NONE;
}
@ -860,7 +893,7 @@ ble_error_t SecurityManager::setOOBDataUsage(
}
}
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::confirmationEntered(
connection_handle_t connection,
bool confirmation
@ -869,7 +902,7 @@ ble_error_t SecurityManager::confirmationEntered(
if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;
return _pal.confirmation_entered(connection, confirmation);
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::passkeyEntered(
connection_handle_t connection,
@ -883,7 +916,7 @@ ble_error_t SecurityManager::passkeyEntered(
);
}
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::sendKeypressNotification(
connection_handle_t connection,
ble::Keypress_t keypress
@ -892,6 +925,7 @@ ble_error_t SecurityManager::sendKeypressNotification(
if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;
return _pal.send_keypress_notification(connection, keypress);
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::legacyPairingOobReceived(
@ -929,7 +963,7 @@ ble_error_t SecurityManager::legacyPairingOobReceived(
return BLE_ERROR_NONE;
}
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t SecurityManager::oobReceived(
const address_t *address,
const oob_lesc_value_t *random,
@ -946,6 +980,7 @@ ble_error_t SecurityManager::oobReceived(
return BLE_ERROR_INVALID_PARAM;
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
////////////////////////////////////////////////////////////////////////////
// Helper functions
@ -1104,6 +1139,7 @@ ble_error_t SecurityManager::get_random_data(uint8_t *buffer, size_t size)
}
#if BLE_ROLE_PERIPHERAL
ble_error_t SecurityManager::slave_security_request(connection_handle_t connection)
{
if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;
@ -1115,6 +1151,7 @@ ble_error_t SecurityManager::slave_security_request(connection_handle_t connecti
link_authentication.set_mitm(cb->mitm_requested);
return _pal.slave_security_request(connection, link_authentication);
}
#endif // BLE_ROLE_PERIPHERAL
ble_error_t SecurityManager::enable_encryption(connection_handle_t connection)
@ -1131,6 +1168,7 @@ ble_error_t SecurityManager::enable_encryption(connection_handle_t connection)
}
if (cb->is_master) {
#if BLE_ROLE_CENTRAL
if (flags->ltk_stored) {
_db->get_entry_peer_keys(
mbed::callback(this, &SecurityManager::enable_encryption_cb),
@ -1140,12 +1178,19 @@ ble_error_t SecurityManager::enable_encryption(connection_handle_t connection)
} else {
return requestPairing(connection);
}
#else
return BLE_ERROR_NOT_IMPLEMENTED;
#endif // BLE_ROLE_CENTRAL
} else {
#if BLE_ROLE_PERIPHERAL
return slave_security_request(connection);
#else
return BLE_ERROR_NOT_IMPLEMENTED;
#endif // BLE_ROLE_PERIPHERAL
}
}
#if BLE_ROLE_CENTRAL
void SecurityManager::enable_encryption_cb(
SecurityDb::entry_handle_t db_entry,
const SecurityEntryKeys_t* entryKeys
@ -1163,14 +1208,17 @@ void SecurityManager::enable_encryption_cb(
}
if (entryKeys) {
#if BLE_FEATURE_SECURE_CONNECTIONS
if (flags->secure_connections_paired) {
_pal.enable_encryption(cb->connection, entryKeys->ltk, flags->ltk_mitm_protected);
} else {
} else
#endif
{
_pal.enable_encryption(cb->connection, entryKeys->ltk, entryKeys->rand, entryKeys->ediv, flags->ltk_mitm_protected);
}
}
}
#endif
void SecurityManager::set_ltk_cb(
SecurityDb::entry_handle_t db_entry,
@ -1200,7 +1248,7 @@ void SecurityManager::set_ltk_cb(
}
}
#if BLE_FEATURE_SIGNING
void SecurityManager::set_peer_csrk_cb(
SecurityDb::entry_handle_t db_entry,
const SecurityEntrySigning_t* signing
@ -1247,7 +1295,7 @@ void SecurityManager::return_csrk_cb(
flags->csrk_mitm_protected
);
}
#endif // BLE_FEATURE_SIGNING
void SecurityManager::update_oob_presence(connection_handle_t connection)
{
@ -1410,7 +1458,7 @@ void SecurityManager::on_identity_list_retrieved(
// Pairing
//
#if BLE_ROLE_PERIPHERAL
void SecurityManager::on_pairing_request(
connection_handle_t connection,
bool use_oob,
@ -1441,7 +1489,7 @@ void SecurityManager::on_pairing_request(
acceptPairingRequest(connection);
}
}
#endif // BLE_ROLE_PERIPHERAL
void SecurityManager::on_pairing_error(
connection_handle_t connection,
@ -1505,7 +1553,7 @@ void SecurityManager::on_valid_mic_timeout(connection_handle_t connection)
(void)connection;
}
#if BLE_FEATURE_SIGNING
void SecurityManager::on_signed_write_received(
connection_handle_t connection,
sign_count_t sign_counter
@ -1538,9 +1586,13 @@ void SecurityManager::on_signed_write_verification_failure(
if (cb->csrk_failures == 3) {
cb->csrk_failures = 0;
if (cb->is_master) {
#if BLE_ROLE_CENTRAL
requestPairing(connection);
#endif
} else {
#if BLE_ROLE_PERIPHERAL
slave_security_request(connection);
#endif
}
}
}
@ -1552,8 +1604,9 @@ void SecurityManager::on_signed_write()
MBED_ASSERT(_db);
_db->set_local_sign_counter(_db->get_local_sign_counter() + 1);
}
#endif // BLE_FEATURE_SIGNING
#if BLE_ROLE_CENTRAL
void SecurityManager::on_slave_security_request(
connection_handle_t connection,
AuthenticationMask authentication
@ -1589,6 +1642,7 @@ void SecurityManager::on_slave_security_request(
enable_encryption(connection);
}
}
#endif // BLE_ROLE_CENTRAL
////////////////////////////////////////////////////////////////////////////
// Encryption
@ -1622,7 +1676,9 @@ void SecurityManager::on_link_encryption_result(
cb->authenticated = true;
cb->encrypted = true;
} else if (result == link_encryption_t::NOT_ENCRYPTED
}
#if BLE_ROLE_CENTRAL
else if (result == link_encryption_t::NOT_ENCRYPTED
&& cb->encryption_requested
&& !cb->encryption_failed) {
@ -1633,6 +1689,7 @@ void SecurityManager::on_link_encryption_result(
/* don't return an event yet since we are retrying */
return;
}
#endif // BLE_ROLE_CENTRAL
eventHandler->linkEncryptionResult(connection, result);
}
@ -1662,55 +1719,12 @@ void SecurityManager::on_passkey_display(
eventHandler->passkeyDisplay(connection, PasskeyAscii(passkey).value());
}
void SecurityManager::on_keypress_notification(
connection_handle_t connection,
ble::Keypress_t keypress
)
{
set_mitm_performed(connection);
eventHandler->keypressNotification(connection, keypress);
}
void SecurityManager::on_passkey_request(connection_handle_t connection)
{
set_mitm_performed(connection);
eventHandler->passkeyRequest(connection);
}
void SecurityManager::on_confirmation_request(connection_handle_t connection)
{
set_mitm_performed(connection);
eventHandler->confirmationRequest(connection);
}
void SecurityManager::on_secure_connections_oob_request(connection_handle_t connection)
{
set_mitm_performed(connection);
ControlBlock_t *cb = get_control_block(connection);
if (!cb) {
return;
}
SecurityDistributionFlags_t* flags = _db->get_distribution_flags(cb->db_entry);
if (!flags) {
return;
}
if (flags->peer_address == _oob_peer_address) {
_pal.secure_connections_oob_request_reply(connection, _oob_local_random, _oob_peer_random, _oob_peer_confirm);
/* do not re-use peer OOB */
set_all_zeros(_oob_peer_address);
} else {
_pal.cancel_pairing(connection, pairing_failure_t::OOB_NOT_AVAILABLE);
}
}
void SecurityManager::on_legacy_pairing_oob_request(connection_handle_t connection)
{
MBED_ASSERT(_db);
@ -1743,6 +1757,44 @@ void SecurityManager::on_legacy_pairing_oob_request(connection_handle_t connecti
}
}
#if BLE_FEATURE_SECURE_CONNECTIONS
void SecurityManager::on_keypress_notification(
connection_handle_t connection,
ble::Keypress_t keypress
)
{
set_mitm_performed(connection);
eventHandler->keypressNotification(connection, keypress);
}
void SecurityManager::on_confirmation_request(connection_handle_t connection)
{
set_mitm_performed(connection);
eventHandler->confirmationRequest(connection);
}
void SecurityManager::on_secure_connections_oob_request(connection_handle_t connection)
{
set_mitm_performed(connection);
ControlBlock_t *cb = get_control_block(connection);
if (!cb) {
return;
}
SecurityDistributionFlags_t* flags = _db->get_distribution_flags(cb->db_entry);
if (!flags) {
return;
}
if (flags->peer_address == _oob_peer_address) {
_pal.secure_connections_oob_request_reply(connection, _oob_local_random, _oob_peer_random, _oob_peer_confirm);
/* do not re-use peer OOB */
set_all_zeros(_oob_peer_address);
} else {
_pal.cancel_pairing(connection, pairing_failure_t::OOB_NOT_AVAILABLE);
}
}
void SecurityManager::on_secure_connections_oob_generated(
const oob_lesc_value_t &random,
@ -1752,12 +1804,13 @@ void SecurityManager::on_secure_connections_oob_generated(
eventHandler->oobGenerated(&_oob_local_address, &random, &confirm);
_oob_local_random = random;
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
////////////////////////////////////////////////////////////////////////////
// Keys
//
#if BLE_FEATURE_SECURE_CONNECTIONS
void SecurityManager::on_secure_connections_ltk_generated(
connection_handle_t connection,
const ltk_t &ltk
@ -1780,6 +1833,7 @@ void SecurityManager::on_secure_connections_ltk_generated(
_db->set_entry_peer_ltk(cb->db_entry, ltk);
_db->set_entry_local_ltk(cb->db_entry, ltk);
}
#endif // BLE_FEATURE_SECURE_CONNECTIONS
void SecurityManager::on_keys_distributed_ltk(
@ -1895,7 +1949,7 @@ void SecurityManager::on_keys_distributed_bdaddr(
);
}
#if BLE_FEATURE_SIGNING
void SecurityManager::on_keys_distributed_csrk(
connection_handle_t connection,
const csrk_t &csrk
@ -1921,6 +1975,7 @@ void SecurityManager::on_keys_distributed_csrk(
flags->csrk_mitm_protected
);
}
#endif // BLE_FEATURE_SIGNING
void SecurityManager::on_ltk_request(

47
connectivity/FEATURE_BLE/source/generic/SecurityManagerImpl.h
View File

@ -46,8 +46,11 @@ namespace impl {
class SecurityManager :
public ble::PalSecurityManagerEventHandler,
public ble::PalConnectionMonitorEventHandler,
public ble::PalSigningMonitorEventHandler {
public ble::PalConnectionMonitorEventHandler
#if BLE_FEATURE_SIGNING
, public ble::PalSigningMonitorEventHandler
#endif // BLE_FEATURE_SIGNING
{
friend class ble::PalConnectionMonitorEventHandler;
friend PalGenericAccessService;
@ -94,9 +97,13 @@ public:
// Pairing
//
#if BLE_ROLE_CENTRAL
ble_error_t requestPairing(ble::connection_handle_t connectionHandle);
#endif // BLE_ROLE_CENTRAL
#if BLE_ROLE_PERIPHERAL
ble_error_t acceptPairingRequest(ble::connection_handle_t connectionHandle);
#endif // BLE_ROLE_PERIPHERAL
ble_error_t cancelPairingRequest(ble::connection_handle_t connectionHandle);
@ -107,10 +114,11 @@ public:
////////////////////////////////////////////////////////////////////////////
// Feature support
//
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t allowLegacyPairing(bool allow = true);
ble_error_t getSecureConnectionsSupport(bool *enabled);
#endif // BLE_FEATURE_SECURE_CONNECTIONS
////////////////////////////////////////////////////////////////////////////
// Security settings
@ -161,26 +169,27 @@ public:
ble_error_t setOOBDataUsage(ble::connection_handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM = true);
ble_error_t confirmationEntered(ble::connection_handle_t connectionHandle, bool confirmation);
ble_error_t passkeyEntered(ble::connection_handle_t connectionHandle, Passkey_t passkey);
ble_error_t sendKeypressNotification(ble::connection_handle_t connectionHandle, ble::Keypress_t keypress);
ble_error_t legacyPairingOobReceived(const ble::address_t *address, const ble::oob_tk_t *tk);
#if BLE_FEATURE_SECURE_CONNECTIONS
ble_error_t confirmationEntered(ble::connection_handle_t connectionHandle, bool confirmation);
ble_error_t sendKeypressNotification(ble::connection_handle_t connectionHandle, ble::Keypress_t keypress);
ble_error_t oobReceived(
const ble::address_t *address,
const ble::oob_lesc_value_t *random,
const ble::oob_confirm_t *confirm
);
#endif // BLE_FEATURE_SECURE_CONNECTIONS
////////////////////////////////////////////////////////////////////////////
// Keys
//
#if BLE_FEATURE_SIGNING
ble_error_t getSigningKey(ble::connection_handle_t connectionHandle, bool authenticated);
#endif // BLE_FEATURE_SIGNING
////////////////////////////////////////////////////////////////////////////
// Privacy
//
@ -241,6 +250,7 @@ private:
// Pairing
//
#if BLE_ROLE_PERIPHERAL
/** @copydoc PalSecurityManager::on_pairing_request
*/
void on_pairing_request(
@ -250,6 +260,7 @@ private:
KeyDistribution initiator_dist,
KeyDistribution responder_dist
) override;
#endif
/** @copydoc PalSecurityManager::on_pairing_error
*/
@ -280,6 +291,7 @@ private:
connection_handle_t connection
) override;
#if BLE_FEATURE_SIGNING
/** @copydoc PalSecurityManager::on_signed_write_received
*/
void on_signed_write_received(
@ -296,13 +308,16 @@ private:
/** @copydoc PalSecurityManager::on_signed_write
*/
void on_signed_write() override;
#endif // BLE_FEATURE_SIGNING
#if BLE_ROLE_CENTRAL
/** @copydoc PalSecurityManager::on_slave_security_request
*/
void on_slave_security_request(
connection_handle_t connection,
AuthenticationMask authentication
) override;
#endif // BLE_ROLE_CENTRAL
////////////////////////////////////////////////////////////////////////////
// Encryption
@ -332,12 +347,14 @@ private:
passkey_num_t passkey
) override;
#if BLE_FEATURE_SECURE_CONNECTIONS
/** @copydoc PalSecurityManager::on_keypress_notification
*/
void on_keypress_notification(
connection_handle_t connection,
ble::Keypress_t keypress
) override;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/** @copydoc PalSecurityManager::on_passkey_request
*/
@ -345,6 +362,7 @@ private:
connection_handle_t connection
) override;
#if BLE_FEATURE_SECURE_CONNECTIONS
/** @copydoc PalSecurityManager::on_confirmation_request
*/
void on_confirmation_request(
@ -356,6 +374,7 @@ private:
void on_secure_connections_oob_request(
connection_handle_t connection
) override;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/** @copydoc PalSecurityManager::on_legacy_pairing_oob_request
*/
@ -363,23 +382,27 @@ private:
connection_handle_t connection
) override;
#if BLE_FEATURE_SECURE_CONNECTIONS
/** @copydoc PalSecurityManager::on_secure_connections_oob_generated
*/
void on_secure_connections_oob_generated(
const oob_lesc_value_t &random,
const oob_confirm_t &confirm
) override;
#endif
////////////////////////////////////////////////////////////////////////////
// Keys
//
#if BLE_FEATURE_SECURE_CONNECTIONS
/** @copydoc PalSecurityManager::on_secure_connections_ltk_generated
*/
void on_secure_connections_ltk_generated(
connection_handle_t connection,
const ltk_t &ltk
) override;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/** @copydoc PalSecurityManager::on_keys_distributed_ltk
*/
@ -426,12 +449,14 @@ private:
const address_t &peer_identity_address
) override;
#if BLE_FEATURE_SIGNING
/** @copydoc PalSecurityManager::on_keys_distributed_csrk
*/
void on_keys_distributed_csrk(
connection_handle_t connection,
const csrk_t &csrk
) override;
#endif // BLE_FEATURE_SIGNING
/** @copydoc PalSecurityManager::on_ltk_requeston_ltk_request
*/
@ -516,9 +541,11 @@ private:
size_t size
);
#if BLE_ROLE_PERIPHERAL
ble_error_t slave_security_request(
connection_handle_t connection
);
#endif
ble_error_t enable_encryption(
connection_handle_t connection
@ -534,6 +561,7 @@ private:
const SecurityEntryKeys_t *entryKeys
);
#if BLE_FEATURE_SIGNING
void return_csrk_cb(
SecurityDb::entry_handle_t connection,
const SecurityEntrySigning_t *signing
@ -543,6 +571,7 @@ private:
SecurityDb::entry_handle_t connection,
const SecurityEntrySigning_t *signing
);
#endif
void update_oob_presence(
connection_handle_t connection

31
connectivity/FEATURE_BLE/source/pal/PalSecurityManager.h
View File

@ -212,6 +212,7 @@ public:
// Pairing
//
#if BLE_ROLE_PERIPHERAL
/**
* Request pairing. This is called on the slave in response to a request from the master.
* Upper layer shall either send a pairing response (send_pairing_response)
@ -230,6 +231,7 @@ public:
KeyDistribution initiator_dist,
KeyDistribution responder_dist
) = 0;
#endif
/**
* Indicate that the pairing has failed.
@ -277,6 +279,7 @@ public:
connection_handle_t connection
) = 0;
#if BLE_ROLE_CENTRAL
/**
* Ask the stack to evaluate the security request received from the slave.
* This might result in the stack enabling encryption, or pairing/re-pairing.
@ -288,6 +291,7 @@ public:
connection_handle_t connection,
AuthenticationMask authentication
) = 0;
#endif
////////////////////////////////////////////////////////////////////////////
// Encryption
@ -330,6 +334,7 @@ public:
passkey_num_t passkey
) = 0;
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Indicate that user confirmation is required to confirm matching
* passkeys displayed on devices.
@ -340,6 +345,7 @@ public:
virtual void on_confirmation_request(
connection_handle_t connection
) = 0;
#endif
/**
* Request the passkey entered during pairing.
@ -352,6 +358,7 @@ public:
connection_handle_t connection
) = 0;
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Indicate that a key has been pressed by the peer.
*
@ -374,6 +381,7 @@ public:
virtual void on_secure_connections_oob_request(
connection_handle_t connection
) = 0;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/**
* Request OOB data from the user application.
@ -386,6 +394,7 @@ public:
connection_handle_t connection
) = 0;
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Send OOB data to the application for transport to the peer.
*
@ -399,11 +408,13 @@ public:
const oob_lesc_value_t &random,
const oob_confirm_t &confirm
) = 0;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
////////////////////////////////////////////////////////////////////////////
// Keys
//
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Store the results of key generation of the stage 2 of secure connections pairing
* @see BLUETOOTH SPECIFICATION Version 5.0 | Vol 3, Part H - 2.3.5.6.5
@ -415,6 +426,7 @@ public:
connection_handle_t connection,
const ltk_t &ltk
) = 0;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/**
* Store the results of key distribution after LTK has been received.
@ -491,6 +503,7 @@ public:
const address_t &peer_identity_address
) = 0;
#if BLE_FEATURE_SIGNING
/**
* Store the peer's CSRK after it has been distributed.
*
@ -501,6 +514,7 @@ public:
connection_handle_t connection,
const csrk_t &csrk
) = 0;
#endif // BLE_FEATURE_SIGNING
/**
* Request the LTK since the peer is asking us to encrypt the link. We need to
@ -563,6 +577,7 @@ public:
// Pairing
//
#if BLE_ROLE_CENTRAL
/**
* Send a pairing request to a slave.
*
@ -581,7 +596,9 @@ public:
KeyDistribution initiator_dist,
KeyDistribution responder_dist
) = 0;
#endif // BLE_ROLE_CENTRAL
#if BLE_ROLE_PERIPHERAL
/**
* Send a pairing response to a master.
*
@ -600,6 +617,7 @@ public:
KeyDistribution initiator_dist,
KeyDistribution responder_dist
) = 0;
#endif // BLE_ROLE_PERIPHERAL
/**
* Cancel an ongoing pairing.
@ -686,6 +704,7 @@ public:
uint8_t max_encryption_key_size
) = 0;
#if BLE_ROLE_PERIPHERAL
/**
* Request change of security level from the master. This is called by the slave when
* it needs to elevate the security level as it can't change it itself. This will be
@ -700,11 +719,13 @@ public:
connection_handle_t connection,
AuthenticationMask authentication
) = 0;
#endif
////////////////////////////////////////////////////////////////////////////
// Encryption
//
#if BLE_ROLE_CENTRAL
/**
* Enabled encryption using the LTK given. The EDIV and RAND will be sent to the peer and
* used to identify the LTK. This is called by the master. This will refresh the key if
@ -725,6 +746,7 @@ public:
bool mitm
) = 0;
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Enabled encryption using the LTK given on a connection established with secure
* connections pairing.
@ -739,6 +761,8 @@ public:
const ltk_t &ltk,
bool mitm
) = 0;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#endif // BLE_ROLE_CENTRAL
/**
* Encrypt data with a given key. This uses the facility on the controller to
@ -804,6 +828,7 @@ public:
const address_t &address, bool public_address
) = 0;
#if BLE_FEATURE_SIGNING
/**
* Set the local CSRK.
*
@ -833,6 +858,7 @@ public:
) = 0;
virtual ble_error_t remove_peer_csrk(connection_handle_t connection) = 0;
#endif // BLE_FEATURE_SIGNING
////////////////////////////////////////////////////////////////////////////
// Authentication
@ -887,6 +913,7 @@ public:
passkey_num_t passkey
) = 0;
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Reply to a Secure Connections oob data request received from the EventHandler.
*
@ -903,6 +930,7 @@ public:
const oob_lesc_value_t &peer_random,
const oob_confirm_t &peer_confirm
) = 0;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/**
* Reply to a legacy pairing oob data request received from the EventHandler.
@ -916,6 +944,7 @@ public:
const oob_tk_t &oob_data
) = 0;
#if BLE_FEATURE_SECURE_CONNECTIONS
/**
* Notify the stack that the user has confirmed the values during numerical
* comparison stage of pairing.
@ -942,11 +971,13 @@ public:
ble::Keypress_t keypress
) = 0;
/**
* Generate local OOB data to be sent to the application which sends it to the peer.
* @return BLE_ERROR_NONE On success, else an error code indicating reason for failure
*/
virtual ble_error_t generate_secure_connections_oob() = 0;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
/* Entry points for the underlying stack to report events back to the user. */