diff --git a/features/FEATURE_BLE/ble/SecurityManager.h b/features/FEATURE_BLE/ble/SecurityManager.h index 3e5471200a..ab7357a887 100644 --- a/features/FEATURE_BLE/ble/SecurityManager.h +++ b/features/FEATURE_BLE/ble/SecurityManager.h @@ -26,6 +26,14 @@ class SecurityManager { public: + enum Keypress_t { + KEYPRESS_STARTED, /* Passkey entry started */ + KEYPRESS_ENTERED, /* Passkey digit entered */ + KEYPRESS_ERASED, /* Passkey digit erased */ + KEYPRESS_CLEARED, /* Passkey cleared */ + KEYPRESS_COMPLETED, /* Passkey entry completed */ + }; + enum SecurityMode_t { SECURITY_MODE_NO_ACCESS, SECURITY_MODE_ENCRYPTION_OPEN_LINK, /**< Require no protection, open link. */ 
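Review bot: The new `Keypress_t` enumerators rely on implicit numbering and use plain `/* */` comments, while the neighbouring `SecurityMode_t` entries use Doxygen `/**< ... */`. If ports are expected to cast these values to the keypress notification type sent to the peer, spelling them out (`KEYPRESS_STARTED = 0, /**< Passkey entry started */` through `KEYPRESS_COMPLETED = 4`) keeps a later reordering from silently changing what goes on the air. Whether any port does such a cast is not visible in this diff. Switching the comments to `/**<` would also put the enum into the generated API documentation.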
@@ -84,19 +92,41 @@ public: typedef void (*LinkSecuredCallback_t)(Gap::Handle_t handle, SecurityMode_t securityMode); typedef void (*PasskeyDisplayCallback_t)(Gap::Handle_t handle, const Passkey_t passkey); + typedef void (*ValidMicTimeout_t)(Gap::Handle_t handle); + typedef void (*Link_key_failure_t)(Gap::Handle_t handle); + typedef void (*KeypressNotification_t)(Gap::Handle_t handle, Keypress_t keypress); + typedef void (*OobRequest_t)(Gap::Handle_t handle, bool extended = false); + typedef void (*PinRequest_t)(Gap::Handle_t handle); + typedef void (*PasskeyRequest_t)(Gap::Handle_t handle); + typedef void (*ConfirmationRequest_t)(Gap::Handle_t handle); + struct SecurityManagerEventBlock { SecurityManagerEventBlock () : securitySetupInitiatedCallback(), securitySetupCompletedCallback(), linkSecuredCallback(), securityContextStoredCallback(), - passkeyDisplayCallback() { } + passkeyDisplayCallback(), + validMicTimeoutCallback(), + linkKeyFailureCallback(), + keypressNotificationCallback(), + oobRequestCallback(), + pinRequestCallback(), + passkeyRequestCallback(), + confirmationRequestCallback() { } SecuritySetupInitiatedCallback_t securitySetupInitiatedCallback; SecuritySetupCompletedCallback_t securitySetupCompletedCallback; LinkSecuredCallback_t linkSecuredCallback; HandleSpecificEvent_t securityContextStoredCallback; PasskeyDisplayCallback_t passkeyDisplayCallback; + ValidMicTimeout_t validMicTimeoutCallback; + Link_key_failure_t linkKeyFailureCallback; + KeypressNotification_t keypressNotificationCallback; + OobRequest_t oobRequestCallback; + PinRequest_t pinRequestCallback; + PasskeyRequest_t passkeyRequestCallback; + ConfirmationRequest_t confirmationRequestCallback; }; public: 
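Review bot: `OobRequest_t` declares a default argument inside a function-pointer typedef (`bool extended = false`), which C++ does not permit; default arguments are allowed only on function declarations, so a conforming compiler should reject this line. Drop the default, `typedef void (*OobRequest_t)(Gap::Handle_t handle, bool extended);`, since the `= false` on `processOobRequest` later in this file already covers callers that omit it. `Link_key_failure_t` is the only snake-case name among the new typedefs; `LinkKeyFailure_t` would match the others. The four request callbacks (OOB, PIN, passkey, confirmation) carry no comment saying what the application has to do in reply, and a one-line note on each typedef would help porters.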
@@ -201,6 +231,15 @@ public: return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ } + virtual ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM) { + /* Avoid compiler warnings about unused variables */ + (void) connectionHandle; + (void) useOOB; + (void) OOBProvidesMITM; + + return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ + } + /* Event callback handlers. */ public: /** @@ -295,6 +334,48 @@ public: } } + void processValidMicTimeout(Gap::Handle_t handle) { + if (_evt.validMicTimeoutCallback) { + _evt.validMicTimeoutCallback(handle); + } + } + + void processLinkKeyFailure(Gap::Handle_t handle) { + if (_evt.linkKeyFailureCallback) { + _evt.linkKeyFailureCallback(handle); + } + } + + void processKeypress(Gap::Handle_t handle, keypress_t keypress) { + if (_evt.keypressCallback) { + _evt.keypressCallback(handle, keypress); + } + } + + void processOobRequest(Gap::Handle_t handle, bool extended = false) { + if (_evt.oobRequestCallback) { + _evt.oobRequestCallback(handle, extended); + } + } + + void processPinRequest(Gap::Handle_t handle) { + if (_evt.pinRequestCallback) { + _evt.pinRequestCallback(handle); + } + } + + void processPasskeyRequest(Gap::Handle_t handle) { + if (_evt.passkeyRequestCallback) { + _evt.passkeyRequestCallback(handle); + } + } + + void processConfirmationRequest(Gap::Handle_t handle) { + if (_evt.confirmationRequestCallback) { + _evt.confirmationRequestCallback(handle); + } + } + protected: SecurityManager() { /* empty */ diff --git a/features/FEATURE_BLE/ble/pal/PalSm.h b/features/FEATURE_BLE/ble/pal/PalSm.h index 3d52e337dc..413152721f 100644 --- a/features/FEATURE_BLE/ble/pal/PalSm.h +++ b/features/FEATURE_BLE/ble/pal/PalSm.h 
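Review bot: `setOOBDataUsage` is added without a documentation block, and `OOBProvidesMITM` is a security claim that should be spelled out for callers. I would add a Doxygen comment above the method stating that `useOOB` selects out-of-band pairing for the given connection. It should also say that `OOBProvidesMITM` is to be set only when the out-of-band channel itself resists eavesdropping and tampering, and that the default implementation returns `BLE_ERROR_NOT_IMPLEMENTED`. The reading of `OOBProvidesMITM` is inferred from its name (presumably the link is then treated as MITM-protected), so the author should confirm the wording.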
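Review bot: `processKeypress` will not compile as written. It takes `keypress_t`, the lowercase type this same commit deletes from PalSm.h, and it reads `_evt.keypressCallback`, while the member added to `SecurityManagerEventBlock` is `keypressNotificationCallback`. The signature should use `Keypress_t keypress`, and the body should be `if (_evt.keypressNotificationCallback) { _evt.keypressNotificationCallback(handle, keypress); }`. Renaming the method to `processKeypressNotification` would also line it up with `process_keypress_notification` in PalSm.h. No setters for the seven new callbacks appear in this hunk, so it is not visible here how an application registers them.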
@@ -19,9 +19,12 @@ namespace ble { namespace pal { using SecurityManager::SecurityIOCapabilities_t; +using SecurityManager::IO_CAPS_NONE; using SecurityManager::SecurityCompletionStatus_t; using SecurityManager::SecurityMode_t; +using SecurityManager::LinkSecurityStatus_t; using SecurityManager::Passkey_t; +using SecurityManager::Keypress_t; using SecurityManager::SecurityManagerEventBlock; using BLEProtocol::AddressBytes_t; @@ -39,14 +42,6 @@ typedef uint8_t r192_t[16]; typedef uint8_t c256_t[16]; typedef uint8_t r256_t[16]; -enum keypress_t { - KEYPRESS_STARTED, /* Passkey entry started */ - KEYPRESS_ENTERED, /* Passkey digit entered */ - KEYPRESS_ERASED, /* Passkey digit erased */ - KEYPRESS_CLEARED, /* Passkey cleared */ - KEYPRESS_COMPLETED, /* Passkey entry completed */ -}; - struct bonded_list_entry_t { Address_t peer_address; ediv_t ediv; 
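Review bot: The added `using SecurityManager::IO_CAPS_NONE;`, `using SecurityManager::LinkSecurityStatus_t;` and `using SecurityManager::Keypress_t;` are using-declarations for class members at namespace scope, which C++ accepts only as member declarations inside a class. `SecurityManager` is declared as a class in the other file of this diff. The lines already present have the same form, so this header may not have been compiled yet. At namespace scope `typedef SecurityManager::Keypress_t Keypress_t;` and `typedef SecurityManager::LinkSecurityStatus_t LinkSecurityStatus_t;` do the job, and the enumerator can be written out as `SecurityManager::IO_CAPS_NONE` where it is used.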
@@ -114,16 +109,24 @@ public: /* security level */ - virtual ble_error_t set_link_security(connection_handle_t handle, bool bondable, bool mitm, SecurityIOCapabilities_t iocaps) = 0; - virtual ble_error_t get_link_security(connection_handle_t handle, bool *bondable, bool *mitm, SecurityIOCapabilities_t *iocaps) = 0; + virtual ble_error_t set_link_security_settings(AddressBytes_t address, + bool bondable = true, + SecurityIOCapabilities_t iocaps = IO_CAPS_NONE, + bool use_oob = false, + bool send_keypresses = false) = 0; + + /* triggers pairing if required */ + virtual ble_error_t request_security_mode(connection_handle_t handle, + SecurityMode_t mode) = 0; + + virtual ble_error_t get_encryption_status(connection_handle_t handle, + LinkSecurityStatus_t *mode) = 0; /* MITM */ - virtual ble_error_t use_oob(AddressBytes_t handle, bool enabled) = 0; - virtual ble_error_t confirmation_entered(AddressBytes_t address, bool confirmation) = 0; virtual ble_error_t passkey_entered(AddressBytes_t, passkey_t passkey) = 0; - virtual ble_error_t send_keypress_notification(AddressBytes_t, keypress_t keypress) = 0; + virtual ble_error_t send_keypress_notification(AddressBytes_t, Keypress_t keypress) = 0; virtual ble_error_t set_link_oob(AddressBytes_t handle, c192_t*, r192_t*) = 0; virtual ble_error_t set_link_extended_oob(AddressBytes_t handle, c192_t*, r192_t*,c256_t*, r256_t*) = 0; 
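Review bot: `set_link_security_settings` puts default arguments on a pure virtual function, and the values it defaults are security policy. Defaults are bound to the static type at the call site, so an override that declares different ones behaves differently depending on how it is called, and a caller that omits them gets `bondable = true` with `IO_CAPS_NONE` without ever stating it. Declaring it as `virtual ble_error_t set_link_security_settings(AddressBytes_t address, bool bondable, SecurityIOCapabilities_t iocaps, bool use_oob, bool send_keypresses) = 0;` makes every caller spell the policy out. The old `mitm` parameter is gone; if the MITM requirement is now meant to come from the mode passed to `request_security_mode`, the comment above that declaration should say so. In `get_encryption_status` the out-parameter is named `mode` although its type is `LinkSecurityStatus_t`; `status` would read better.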
@@ -132,33 +135,80 @@ public: /* Entry points for the underlying stack to report events back to the user. */ public: - void process_valid_mic_timeout(connection_handle_t handle) = 0; - void process_keypress(AddressBytes_t handle, keypress_t keypress) = 0; - void process_oob_request(AddressBytes_t handle, bool extended = false) = 0; - void process_pin_request(AddressBytes_t handle) = 0; - void process_passkey_request(AddressBytes_t handle) = 0; - void process_confirmation_request(AddressBytes_t handle) = 0; - - void process_link_key_failure(connection_handle_t handle) = 0; - - void process_security_setup_initiated_event(connection_handle_t handle, bool allow_bonding, bool require_mitm, SecurityIOCapabilities_t iocaps) { - _evt.securitySetupInitiatedCallback(handle, allow_bonding, require_mitm, iocaps); + void process_security_setup_initiated_event(connection_handle_t handle, + bool allow_bonding, + bool require_mitm, + SecurityIOCapabilities_t iocaps) { + if (_evt.securitySetupInitiatedCallback) { + _evt.securitySetupInitiatedCallback(handle, allow_bonding, require_mitm, iocaps); + } } - void process_security_setupCompleted_event(connection_handle_t handle, SecurityCompletionStatus_t status) { - _evt.securitySetupCompletedCallback(handle, status); + void process_security_setupCompleted_event(connection_handle_t handle, + SecurityCompletionStatus_t status) { + if (_evt.securitySetupCompletedCallback) { + _evt.securitySetupCompletedCallback(handle, status); + } } void process_link_secured_event(connection_handle_t handle, SecurityMode_t security_mode) { - _evt.linkSecuredCallback(handle, security_mode); + if (_evt.linkSecuredCallback) { + _evt.linkSecuredCallback(handle, security_mode); + } } void process_security_context_stored_event(connection_handle_t handle) { - _evt.securityContextStoredCallback(handle); + if (_evt.securityContextStoredCallback) { + _evt.securityContextStoredCallback(handle); + } } - void process_Passkey_display_event(connection_handle_t handle, 
const Passkey_t passkey) { - _evt.passkeyDisplayCallback(handle, passkey); + void process_passkey_display_event(connection_handle_t handle, const Passkey_t passkey) { + if (_evt.passkeyDisplayCallback) { + _evt.passkeyDisplayCallback(handle, passkey); + } + } + + void process_valid_mic_timeout(connection_handle_t handle) { + if (_evt.validMicTimeoutCallback) { + _evt.validMicTimeoutCallback(handle); + } + } + + void process_link_key_failure(connection_handle_t handle) { + if (_evt.linkKeyFailureCallback) { + _evt.linkKeyFailureCallback(handle); + } + } + + void process_keypress_notification(connection_handle_t handle, Keypress_t keypress) { + if (_evt.keypressNotificationCallback) { + _evt.keypressNotificationCallback(handle, keypress); + } + } + + void process_oob_request(connection_handle_t handle, bool extended = false) { + if (_evt.oobRequestCallback) { + _evt.oobRequestCallback(handle, extended); + } + } + + void process_pin_request(connection_handle_t handle) { + if (_evt.pinRequestCallback) { + _evt.pinRequestCallback(handle); + } + } + + void process_passkey_request(connection_handle_t handle) { + if (_evt.passkeyRequestCallback) { + _evt.passkeyRequestCallback(handle); + } + } + + void process_confirmation_request(connection_handle_t handle) { + if (_evt.confirmationRequestCallback) { + _evt.confirmationRequestCallback(handle); + } } private:
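Review bot: `process_pin_request`, `process_passkey_request`, `process_confirmation_request` and `process_oob_request` return silently when no callback is registered, so the stack's request gets no answer. That is harmless for the notification events, but for requests the pairing presumably stays pending until the peer or a timer gives up, and nothing tells a porter that an unanswered request must not be taken as acceptance. Either put a comment at the top of these four functions, e.g. `/* No handler registered: the request is left unanswered; ports must treat this as a refusal, never as confirmation. */`, or have them return a `bool` so the port can reject the pairing itself. The same applies to the matching `process*Request` methods added to SecurityManager.h. `process_security_setupCompleted_event` also keeps its mixed-case name, although `process_Passkey_display_event` was normalised in this hunk.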