generic security manager using the pal

2018-01-03 18:04:22 +00:00 · 2018-01-03 18:04:22 +00:00 · 69b248ae68
parent eee2ddf709
commit 69b248ae68
3 changed files with 131 additions and 11 deletions
--- a/features/FEATURE_BLE/ble/SecurityManager.h
+++ b/features/FEATURE_BLE/ble/SecurityManager.h
@ -328,6 +328,13 @@ public:
        }
    }

+    virtual ble_error_t preserveBondingStateOnReset(bool enable) {
+        /* Avoid compiler warnings about unused variables */
+        (void) addresses;
+
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+
    /* Entry points for the underlying stack to report events back to the user. */
 public:
    /** @deprecated */
@ -370,6 +377,8 @@ protected:
        passkeyDisplayCallback() {
        eventHandler = new SecurityManagerEventHandler();
    }
+
+    virtual ~SecurityManager() { };
 public:
    /**
     * Notify all registered onShutdown callbacks that the SecurityManager is
--- a/features/FEATURE_BLE/ble/pal/PalSm.h
+++ b/features/FEATURE_BLE/ble/pal/PalSm.h
@ -63,16 +63,16 @@ struct resolving_list_t {
 };

 /** Representation of a bonded list. */
-struct boonded_list_t {
+struct bonded_list_t {
    bonded_list_entry_t *entries; /**< pointer to array storing the entries */
    uint8_t size; /**< actual number of entries */
    uint8_t capacity;  /**< number of entries that can be stored */
 };


-class SecurityManagerPal : private mbed::NonCopyable<SecurityManagerPal> {
+class SecurityManager : private mbed::NonCopyable<SecurityManager> {
 public:
-    SecurityManagerPal(SecurityManagerEventHandler* event_handler) : _event_handler(event_handler) { };
+    SecurityManager() : _event_handler(NULL) { };

    virtual ble_error_t initialize() = 0;
    virtual ble_error_t terminate() = 0;
@ -80,11 +80,14 @@ public:

    /* for persistence */

-    virtual ble_error_t get_bonded_list(boonded_list_t *list) = 0;
-    virtual ble_error_t set_bonded_list(boonded_list_t *list) = 0;
+    virtual ble_error_t get_bonded_list(bonded_list_t &list) = 0;
+    virtual ble_error_t set_bonded_list(bonded_list_t &list) = 0;

-    virtual ble_error_t get_resolving_list(resolving_list_t *list) = 0;
-    virtual ble_error_t set_resolving_list(resolving_list_t *list) = 0;
+    virtual ble_error_t get_resolving_list(resolving_list_t &list) = 0;
+    virtual ble_error_t set_resolving_list(resolving_list_t &list) = 0;
+
+    virtual ble_error_t get_whitelist(Gap::Whitelist_t &addresses) = 0;
+    virtual ble_error_t set_whitelist(Gap::Whitelist_t &addresses) = 0;

    /* security settings */

@ -109,14 +112,14 @@ public:

    /* security level */

-    virtual ble_error_t set_link_security_settings(connection_handle_t address,
+    virtual ble_error_t set_security_settings(connection_handle_t address,
                                                   bool bondable = true,
                                                   SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
                                                   bool use_oob = false,
                                                   bool send_keypresses = false) = 0;

    /* triggers pairing if required */
-    virtual ble_error_t request_security_mode(connection_handle_t handle,
+    virtual ble_error_t set_security_mode(connection_handle_t handle,
                                              SecurityMode_t mode) = 0;

    virtual ble_error_t get_encryption_status(connection_handle_t handle,
@ -128,8 +131,8 @@ public:
    virtual ble_error_t passkey_entered(connection_handle_t, passkey_t passkey) = 0;
    virtual ble_error_t send_keypress_notification(connection_handle_t, Keypress_t keypress) = 0;

-    virtual ble_error_t set_link_oob(connection_handle_t handle, c192_t*, r192_t*) = 0;
-    virtual ble_error_t set_link_extended_oob(connection_handle_t handle, c192_t*, r192_t*,c256_t*, r256_t*) = 0;
+    virtual ble_error_t set_oob(connection_handle_t handle, c192_t*, r192_t*) = 0;
+    virtual ble_error_t set_extended_oob(connection_handle_t handle, c192_t*, r192_t*,c256_t*, r256_t*) = 0;
    virtual ble_error_t get_local_oob_data(connection_handle_t handle, c192_t*, r192_t*) = 0;
    virtual ble_error_t get_local_extended_oob_data(connection_handle_t handle, c192_t*, r192_t*,c256_t*, r256_t*) = 0;

--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@ -0,0 +1,108 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2015 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __GENERIC_SECURITY_MANAGER_H__
+#define __GENERIC_SECURITY_MANAGER_H__
+
+#include "SecurityManager.h"
+#include "PalSm.h"
+
+class GenericSecurityManager : public SecurityManager {
+public:
+    
+    virtual ble_error_t init(bool                     enableBonding = true,
+                             bool                     requireMITM   = true,
+                             SecurityIOCapabilities_t iocaps        = IO_CAPS_NONE,
+                             const Passkey_t          passkey       = NULL) {
+        /* Avoid compiler warnings about unused variables. */
+        (void)enableBonding;
+        (void)requireMITM;
+        (void)iocaps;
+        (void)passkey;
+
+        loadState();
+
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+
+    void saveState() {
+        if (saveStateEnabled) {
+            /*save lists */
+        }
+    }
+
+    void loadState() {
+        if (saveStateEnabled) {
+            /*load lists */
+        }
+    }
+
+    virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) {
+        /* Avoid compiler warnings about unused variables. */
+        (void)connectionHandle;
+        (void)securityStatusP;
+
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+
+    ble_error_t setLinkSecurity(Gap::Handle_t connectionHandle, SecurityMode_t securityMode) {
+        return pal.set_security_mode(connectionHandle, securityMode);
+    }
+
+    ble_error_t purgeAllBondingState(void) {
+        ble::pal::bonded_list_t empty_list = { NULL, 0, 0 };
+        return pal.set_bonded_list(empty_list);
+    }
+
+    ble_error_t getAddressesFromBondTable(Gap::Whitelist_t &addresses) const {
+        return pal.get_whitelist(addresses);
+    }
+
+    ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM) {
+        /*
+        [].useOOB = useOOB;
+        [].OOBProvidesMITM = OOBProvidesMITM;
+        */
+
+        return BLE_ERROR_NONE;
+    }
+
+    ble_error_t preserveBondingStateOnReset(bool enabled) {
+        saveStateEnabled = enabled;
+        return BLE_ERROR_NONE;
+    }
+
+protected:
+    GenericSecurityManager(ble::pal::SecurityManager& palImpl) : pal(palImpl), saveStateEnabled(false) {
+        eventHandler = new SecurityManagerEventHandler();
+        pal.setSecurityManagerEventHandler(eventHandler);
+    }
+public:
+    
+    ble_error_t reset(void) {
+        saveState();
+        SecurityManager::reset();
+        pal.setSecurityManagerEventHandler(eventHandler);
+
+        return BLE_ERROR_NONE;
+    }
+
+private:
+    ble::pal::SecurityManager& pal;
+    bool saveStateEnabled;
+};
+
+#endif /*__GENERIC_SECURITY_MANAGER_H__*/