mitm callbacks

2018-01-02 17:54:22 +00:00 · 2018-01-02 17:54:22 +00:00 · 6f7da0ce1d
parent ed405e1849
commit 6f7da0ce1d
2 changed files with 162 additions and 31 deletions
--- a/features/FEATURE_BLE/ble/SecurityManager.h
+++ b/features/FEATURE_BLE/ble/SecurityManager.h
@ -26,6 +26,14 @@

 class SecurityManager {
 public:
+    enum Keypress_t {
+        KEYPRESS_STARTED, /* Passkey entry started */
+        KEYPRESS_ENTERED, /* Passkey digit entered */
+        KEYPRESS_ERASED, /* Passkey digit erased */
+        KEYPRESS_CLEARED, /* Passkey cleared */
+        KEYPRESS_COMPLETED, /* Passkey entry completed */
+    };
+
    enum SecurityMode_t {
        SECURITY_MODE_NO_ACCESS,
        SECURITY_MODE_ENCRYPTION_OPEN_LINK, /**< Require no protection, open link. */
@ -84,19 +92,41 @@ public:
    typedef void (*LinkSecuredCallback_t)(Gap::Handle_t handle, SecurityMode_t securityMode);
    typedef void (*PasskeyDisplayCallback_t)(Gap::Handle_t handle, const Passkey_t passkey);

+    typedef void (*ValidMicTimeout_t)(Gap::Handle_t handle);
+    typedef void (*Link_key_failure_t)(Gap::Handle_t handle);
+    typedef void (*KeypressNotification_t)(Gap::Handle_t handle, Keypress_t keypress);
+    typedef void (*OobRequest_t)(Gap::Handle_t handle, bool extended = false);
+    typedef void (*PinRequest_t)(Gap::Handle_t handle);
+    typedef void (*PasskeyRequest_t)(Gap::Handle_t handle);
+    typedef void (*ConfirmationRequest_t)(Gap::Handle_t handle);
+
    struct SecurityManagerEventBlock {
        SecurityManagerEventBlock () :
            securitySetupInitiatedCallback(),
            securitySetupCompletedCallback(),
            linkSecuredCallback(),
            securityContextStoredCallback(),
-            passkeyDisplayCallback() { }
+            passkeyDisplayCallback(),
+            validMicTimeoutCallback(),
+            linkKeyFailureCallback(),
+            keypressNotificationCallback(),
+            oobRequestCallback(),
+            pinRequestCallback(),
+            passkeyRequestCallback(),
+            confirmationRequestCallback() { }

        SecuritySetupInitiatedCallback_t securitySetupInitiatedCallback;
        SecuritySetupCompletedCallback_t securitySetupCompletedCallback;
        LinkSecuredCallback_t            linkSecuredCallback;
        HandleSpecificEvent_t            securityContextStoredCallback;
        PasskeyDisplayCallback_t         passkeyDisplayCallback;
+        ValidMicTimeout_t                validMicTimeoutCallback;
+        Link_key_failure_t               linkKeyFailureCallback;
+        KeypressNotification_t           keypressNotificationCallback;
+        OobRequest_t                     oobRequestCallback;
+        PinRequest_t                     pinRequestCallback;
+        PasskeyRequest_t                 passkeyRequestCallback;
+        ConfirmationRequest_t            confirmationRequestCallback;
    };

 public:
@ -201,6 +231,15 @@ public:
        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
    }

+    virtual ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM) {
+        /* Avoid compiler warnings about unused variables */
+        (void) connectionHandle;
+        (void) useOOB;
+        (void) OOBProvidesMITM;
+
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+
    /* Event callback handlers. */
 public:
    /**
@ -295,6 +334,48 @@ public:
        }
    }

+    void processValidMicTimeout(Gap::Handle_t handle) {
+        if (_evt.validMicTimeoutCallback) {
+            _evt.validMicTimeoutCallback(handle);
+        }
+    }
+
+    void processLinkKeyFailure(Gap::Handle_t handle) {
+        if (_evt.linkKeyFailureCallback) {
+            _evt.linkKeyFailureCallback(handle);
+        }
+    }
+
+    void processKeypress(Gap::Handle_t handle, keypress_t keypress) {
+        if (_evt.keypressCallback) {
+            _evt.keypressCallback(handle, keypress);
+        }
+    }
+
+    void processOobRequest(Gap::Handle_t handle, bool extended = false) {
+        if (_evt.oobRequestCallback) {
+            _evt.oobRequestCallback(handle, extended);
+        }
+    }
+
+    void processPinRequest(Gap::Handle_t handle) {
+        if (_evt.pinRequestCallback) {
+            _evt.pinRequestCallback(handle);
+        }
+    }
+
+    void processPasskeyRequest(Gap::Handle_t handle) {
+        if (_evt.passkeyRequestCallback) {
+            _evt.passkeyRequestCallback(handle);
+        }
+    }
+
+    void processConfirmationRequest(Gap::Handle_t handle) {
+        if (_evt.confirmationRequestCallback) {
+            _evt.confirmationRequestCallback(handle);
+        }
+    }
+
 protected:
    SecurityManager() {
        /* empty */
--- a/features/FEATURE_BLE/ble/pal/PalSm.h
+++ b/features/FEATURE_BLE/ble/pal/PalSm.h
@ -19,9 +19,12 @@ namespace ble {
 namespace pal {

 using SecurityManager::SecurityIOCapabilities_t;
+using SecurityManager::IO_CAPS_NONE;
 using SecurityManager::SecurityCompletionStatus_t;
 using SecurityManager::SecurityMode_t;
+using SecurityManager::LinkSecurityStatus_t;
 using SecurityManager::Passkey_t;
+using SecurityManager::Keypress_t;
 using SecurityManager::SecurityManagerEventBlock;

 using BLEProtocol::AddressBytes_t;
@ -39,14 +42,6 @@ typedef uint8_t r192_t[16];
 typedef uint8_t c256_t[16];
 typedef uint8_t r256_t[16];

-enum keypress_t {
-    KEYPRESS_STARTED, /* Passkey entry started */
-    KEYPRESS_ENTERED, /* Passkey digit entered */
-    KEYPRESS_ERASED, /* Passkey digit erased */
-    KEYPRESS_CLEARED, /* Passkey cleared */
-    KEYPRESS_COMPLETED, /* Passkey entry completed */
-};
-
 struct bonded_list_entry_t {
    Address_t peer_address;
    ediv_t ediv;
@ -114,16 +109,24 @@ public:

    /* security level */

-    virtual ble_error_t set_link_security(connection_handle_t handle, bool bondable, bool mitm, SecurityIOCapabilities_t iocaps) = 0;
-    virtual ble_error_t get_link_security(connection_handle_t handle, bool *bondable, bool *mitm, SecurityIOCapabilities_t *iocaps) = 0;
+    virtual ble_error_t set_link_security_settings(AddressBytes_t address,
+                                                   bool bondable = true,
+                                                   SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
+                                                   bool use_oob = false,
+                                                   bool send_keypresses = false) = 0;
+
+    /* triggers pairing if required */
+    virtual ble_error_t request_security_mode(connection_handle_t handle,
+                                              SecurityMode_t mode) = 0;
+
+    virtual ble_error_t get_encryption_status(connection_handle_t handle,
+                                              LinkSecurityStatus_t *mode) = 0;

    /* MITM */

-    virtual ble_error_t use_oob(AddressBytes_t handle, bool enabled) = 0;
-
    virtual ble_error_t confirmation_entered(AddressBytes_t address, bool confirmation) = 0;
    virtual ble_error_t passkey_entered(AddressBytes_t, passkey_t passkey) = 0;
-    virtual ble_error_t send_keypress_notification(AddressBytes_t, keypress_t keypress) = 0;
+    virtual ble_error_t send_keypress_notification(AddressBytes_t, Keypress_t keypress) = 0;

    virtual ble_error_t set_link_oob(AddressBytes_t handle, c192_t*, r192_t*) = 0;
    virtual ble_error_t set_link_extended_oob(AddressBytes_t handle, c192_t*, r192_t*,c256_t*, r256_t*) = 0;
@ -132,33 +135,80 @@ public:

    /* Entry points for the underlying stack to report events back to the user. */
 public:
-    void process_valid_mic_timeout(connection_handle_t handle) = 0;
-    void process_keypress(AddressBytes_t handle, keypress_t keypress) = 0;
-    void process_oob_request(AddressBytes_t handle, bool extended = false) = 0;
-    void process_pin_request(AddressBytes_t handle) = 0;
-    void process_passkey_request(AddressBytes_t handle) = 0;
-    void process_confirmation_request(AddressBytes_t handle) = 0;
-
-    void process_link_key_failure(connection_handle_t handle) = 0;
-
-    void process_security_setup_initiated_event(connection_handle_t handle, bool allow_bonding, bool require_mitm, SecurityIOCapabilities_t iocaps) {
-        _evt.securitySetupInitiatedCallback(handle, allow_bonding, require_mitm, iocaps);
+    void process_security_setup_initiated_event(connection_handle_t handle,
+                                                bool allow_bonding,
+                                                bool require_mitm,
+                                                SecurityIOCapabilities_t iocaps) {
+        if (_evt.securitySetupInitiatedCallback) {
+            _evt.securitySetupInitiatedCallback(handle, allow_bonding, require_mitm, iocaps);
+        }
    }

-    void process_security_setupCompleted_event(connection_handle_t handle, SecurityCompletionStatus_t status) {
-        _evt.securitySetupCompletedCallback(handle, status);
+    void process_security_setupCompleted_event(connection_handle_t handle,
+                                               SecurityCompletionStatus_t status) {
+        if (_evt.securitySetupCompletedCallback) {
+            _evt.securitySetupCompletedCallback(handle, status);
+        }
    }

    void process_link_secured_event(connection_handle_t handle, SecurityMode_t security_mode) {
-        _evt.linkSecuredCallback(handle, security_mode);
+        if (_evt.linkSecuredCallback) {
+            _evt.linkSecuredCallback(handle, security_mode);
+        }
    }

    void process_security_context_stored_event(connection_handle_t handle) {
-        _evt.securityContextStoredCallback(handle);
+        if (_evt.securityContextStoredCallback) {
+            _evt.securityContextStoredCallback(handle);
+        }
    }

-    void process_Passkey_display_event(connection_handle_t handle, const Passkey_t passkey) {
-        _evt.passkeyDisplayCallback(handle, passkey);
+    void process_passkey_display_event(connection_handle_t handle, const Passkey_t passkey) {
+        if (_evt.passkeyDisplayCallback) {
+            _evt.passkeyDisplayCallback(handle, passkey);
+        }
+    }
+
+    void process_valid_mic_timeout(connection_handle_t handle) {
+        if (_evt.validMicTimeoutCallback) {
+            _evt.validMicTimeoutCallback(handle);
+        }
+    }
+
+    void process_link_key_failure(connection_handle_t handle) {
+        if (_evt.linkKeyFailureCallback) {
+            _evt.linkKeyFailureCallback(handle);
+        }
+    }
+
+    void process_keypress_notification(connection_handle_t handle, Keypress_t keypress) {
+        if (_evt.keypressNotificationCallback) {
+            _evt.keypressNotificationCallback(handle, keypress);
+        }
+    }
+
+    void process_oob_request(connection_handle_t handle, bool extended = false) {
+        if (_evt.oobRequestCallback) {
+            _evt.oobRequestCallback(handle, extended);
+        }
+    }
+
+    void process_pin_request(connection_handle_t handle) {
+        if (_evt.pinRequestCallback) {
+            _evt.pinRequestCallback(handle);
+        }
+    }
+
+    void process_passkey_request(connection_handle_t handle) {
+        if (_evt.passkeyRequestCallback) {
+            _evt.passkeyRequestCallback(handle);
+        }
+    }
+
+    void process_confirmation_request(connection_handle_t handle) {
+        if (_evt.confirmationRequestCallback) {
+            _evt.confirmationRequestCallback(handle);
+        }
    }

 private: