From 81126ad7ce6435bb1bc539b0825af139b122e3b0 Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Tue, 27 Feb 2018 14:35:56 +0000 Subject: [PATCH] BLE: remove draft of nordic pal security manager. --- .../source/nRF5xPalSecurityManager.cpp | 614 ------------------ .../source/nRF5xPalSecurityManager.h | 333 ---------- 2 files changed, 947 deletions(-) delete mode 100644 features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.cpp delete mode 100644 features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.h diff --git a/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.cpp b/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.cpp deleted file mode 100644 index e5ee394bbb..0000000000 --- a/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.cpp +++ /dev/null @@ -1,614 +0,0 @@ -/* mbed Microcontroller Library - * Copyright (c) 2018-2018 ARM Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "nRF5xPalSecurityManager.h" -#include "nrf_ble.h" -#include "nrf_ble_gap.h" - -namespace ble { -namespace pal { -namespace vendor { -namespace nordic { - -namespace { -static ble_error_t convert_sd_error(uint32_t err) { - // TODO: implementation - return err ? BLE_ERROR_UNSPECIFIED : BLE_ERROR_NONE; -} -} - - -nRF5xSecurityManager::nRF5xSecurityManager() - : ::ble::pal::SecurityManager(), - _io_capability(io_capability_t::NO_INPUT_NO_OUTPUT), - _max_encryption_key_size(16) -{ - -} - -nRF5xSecurityManager::~nRF5xSecurityManager() -{ - -} - -//////////////////////////////////////////////////////////////////////////// -// SM lifecycle management -// - -ble_error_t nRF5xSecurityManager::initialize() -{ - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::terminate() -{ - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::reset() -{ - return BLE_ERROR_NOT_IMPLEMENTED; -} - -//////////////////////////////////////////////////////////////////////////// -// Resolving list management -// - -// FIXME: on nordic, the irk is passed in sd_ble_gap_scan_start where whitelist -// and resolving list are all mixed up. - -uint8_t nRF5xSecurityManager::read_resolving_list_capacity() -{ - // FIXME: implement - return 0; -} - -ble_error_t nRF5xSecurityManager::add_device_to_resolving_list( - advertising_peer_address_type_t peer_identity_address_type, - const address_t &peer_identity_address, - const irk_t &peer_irk -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::remove_device_from_resolving_list( - advertising_peer_address_type_t peer_identity_address_type, - const address_t &peer_identity_address -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::clear_resolving_list() -{ - return BLE_ERROR_NOT_IMPLEMENTED; -} - -//////////////////////////////////////////////////////////////////////////// -// Feature support -// - -ble_error_t nRF5xSecurityManager::get_secure_connections_support( - bool &enabled -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::set_io_capability( - io_capability_t io_capability -) { - _io_capability = io_capability; - return BLE_ERROR_NONE; -} - - -//////////////////////////////////////////////////////////////////////////// -// Security settings -// - -ble_error_t nRF5xSecurityManager::set_authentication_timeout( - connection_handle_t connection, uint16_t timeout_in_10ms -) { - // NOTE: Nothing in the Nordic API to manipulate the authentication timeout - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::get_authentication_timeout( - connection_handle_t connection, uint16_t &timeout_in_10ms -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::set_encryption_key_requirements( - uint8_t min_encryption_key_size, - uint8_t max_encryption_key_size -) { - _max_encryption_key_size = max_encryption_key_size; - return BLE_ERROR_NONE; -} - -ble_error_t nRF5xSecurityManager::slave_security_request( - connection_handle_t connection, - AuthenticationMask authentication -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -//////////////////////////////////////////////////////////////////////////// -// Encryption -// - -ble_error_t nRF5xSecurityManager::enable_encryption( - connection_handle_t connection, - const ltk_t <k -) { - // use sd_ble_gap_encrypt it requires: - // - ediv - // - rand - // - ltk - // - flag indicating if the key was generated with lesc - // - flag indicated if the key is an authenticated key - // - flag indicating the length of the ltk ??? - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::disable_encryption(connection_handle_t connection) -{ - // NO FUNCTION to disable encryption - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::get_encryption_status( - connection_handle_t connection, LinkSecurityStatus_t &status -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::get_encryption_key_size( - connection_handle_t connection, uint8_t &bitsize -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::enable_encryption( - connection_handle_t connection, - const ltk_t <k, - const rand_t &rand, - const ediv_t &ediv -) { - // NO FUNCTION to disable encryption - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::encrypt_data( - const key_t &key, - encryption_block_t &data -) { - // NO FUNCTION to disable encryption - return BLE_ERROR_NOT_IMPLEMENTED; -} - -//////////////////////////////////////////////////////////////////////////// -// Privacy -// - -ble_error_t nRF5xSecurityManager::set_private_address_timeout( - uint16_t timeout_in_seconds -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -//////////////////////////////////////////////////////////////////////////// -// Keys -// - -ble_error_t nRF5xSecurityManager::set_ltk_not_found( - connection_handle_t connection -) { - // usefulness ? - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::set_ltk( - connection_handle_t connection, const ltk_t <k -) { - // usefulness ? - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::set_irk(const irk_t& irk) -{ - memcpy(_irk.buffer(), irk.data(), _csrk.size()); - return BLE_ERROR_NONE; -} - -ble_error_t nRF5xSecurityManager::set_csrk(const csrk_t& csrk) -{ - memcpy(_csrk.buffer(), csrk.data(), _csrk.size()); - return BLE_ERROR_NONE; -} - -//////////////////////////////////////////////////////////////////////////// -// Authentication -// - -ble_error_t nRF5xSecurityManager::send_pairing_request( - connection_handle_t connection, - bool oob_data_flag, - AuthenticationMask authentication_requirements, - KeyDistribution initiator_dist, - KeyDistribution responder_dist -) { - ble_gap_sec_params_t security_params = { - /* bond */ authentication_requirements.get_bondable(), - /* mitm */ authentication_requirements.get_mitm(), - /* lesc */ authentication_requirements.get_secure_connections(), - /* keypress */ authentication_requirements.get_keypress_notification(), - /* io_caps */ _io_capability.value(), - /* oob */ oob_data_flag, - /* min_key_size */ 7, // FIXME! - /* max_key_size */ _max_encryption_key_size, - /* kdist_periph */ { - /* enc */ responder_dist.get_encryption(), - /* id */ responder_dist.get_identity(), - /* sign */ responder_dist.get_signing(), - /* link */ responder_dist.get_link() - }, - /* kdist_central */ { - /* enc */ initiator_dist.get_encryption(), - /* id */ initiator_dist.get_identity(), - /* sign */ initiator_dist.get_signing(), - /* link */ initiator_dist.get_link() - } - }; - - uint32_t err = sd_ble_gap_authenticate( - connection, - &security_params - ); - - return convert_sd_error(err); -} - -ble_error_t nRF5xSecurityManager::send_pairing_response( - connection_handle_t connection, - bool oob_data_flag, - AuthenticationMask authentication_requirements, - KeyDistribution initiator_dist, - KeyDistribution responder_dist -) { - ble_gap_sec_params_t security_params = { - /* bond */ authentication_requirements.get_bondable(), - /* mitm */ authentication_requirements.get_mitm(), - /* lesc */ authentication_requirements.get_secure_connections(), - /* keypress */ authentication_requirements.get_keypress_notification(), - /* io_caps */ _io_capability.value(), - /* oob */ oob_data_flag, - /* min_key_size */ 7, // FIXME! - /* max_key_size */ _max_encryption_key_size, - /* kdist_periph */ { - /* enc */ responder_dist.get_encryption(), - /* id */ responder_dist.get_identity(), - /* sign */ responder_dist.get_signing(), - /* link */ responder_dist.get_link() - }, - /* kdist_central */ { - /* enc */ initiator_dist.get_encryption(), - /* id */ initiator_dist.get_identity(), - /* sign */ initiator_dist.get_signing(), - /* link */ initiator_dist.get_link() - } - }; - - ble_gap_sec_keyset_t keyset = { - /* keys_own */ { - /* encryption key */ NULL, - /* id key */ NULL, /* FIXME: pass in the IRK mixed up with address ?!?*/ - /* signing key */ NULL, /* FIXME: put _csrk in the type of data structure used by nordic */ - /* P-256 Public Key */ NULL - }, - /* keys_peer */ { - // FIXME: The softdevice requires the application to maintain this memory chunk ... - } - }; - - uint32_t err = sd_ble_gap_sec_params_reply( - connection, - /* status */ BLE_GAP_SEC_STATUS_SUCCESS, - /* params */ &security_params, - /* keys ... */ &keyset - ); - - return convert_sd_error(err); -} - -ble_error_t nRF5xSecurityManager::cancel_pairing( - connection_handle_t connection, pairing_failure_t reason -) { - // FIXME: there is no fixed function that can be used to cancel pairing all - // the time. However sd_ble_gap_sec_params_reply should be used to cancel a - // pairing after a pairing request. - - // sd_ble_gap_auth_key_reply should be used to cancel pairing when a key - // entered by the user is required. - - uint32_t err = sd_ble_gap_sec_params_reply( - connection, - /* status */ reason.value() | 0x80, - /* params */ NULL, - /* keys ... */ NULL - ); - - return convert_sd_error(err); -} - -ble_error_t nRF5xSecurityManager::request_authentication(connection_handle_t connection) -{ - uint8_t authentication_requirements; - // FIXME: need authentication requirements from the caller - ble_gap_sec_params_t security_params = { - /* bond */ static_cast((authentication_requirements >> 0) & 3), - /* mitm */static_cast((authentication_requirements >> 2) & 1), - /* lesc */ static_cast((authentication_requirements >> 3) & 1), - /* keypress */ static_cast((authentication_requirements >> 4) & 1) - /* other parameters ignored ??? TODO: check*/ - }; - - uint32_t err = sd_ble_gap_authenticate( - connection, - &security_params - ); - - return convert_sd_error(err); -} - -ble_error_t nRF5xSecurityManager::get_random_data(octet_type_t<8> &random_data) -{ - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::generate_public_key() -{ - return BLE_ERROR_NOT_IMPLEMENTED; -} - - -//////////////////////////////////////////////////////////////////////////// -// MITM -// - -ble_error_t nRF5xSecurityManager::set_display_passkey( - passkey_num_t passkey -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::passkey_request_reply( - connection_handle_t connection, const passkey_num_t passkey -) { - uint32_t err = sd_ble_gap_auth_key_reply( - connection, - BLE_GAP_AUTH_KEY_TYPE_PASSKEY, - /* FIXME: convert passkey_num into and asci key */ NULL - ); - - return convert_sd_error(err); -} - -ble_error_t nRF5xSecurityManager::legacy_pairing_oob_data_request_reply( - connection_handle_t connection, const oob_tk_t& oob_data -) { - uint32_t err = sd_ble_gap_auth_key_reply( - connection, - BLE_GAP_AUTH_KEY_TYPE_OOB, - oob_data.data() - ); - - return convert_sd_error(err); -} - -ble_error_t nRF5xSecurityManager::confirmation_entered( - connection_handle_t connection, bool confirmation -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::send_keypress_notification( - connection_handle_t connection, Keypress_t keypress -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -ble_error_t nRF5xSecurityManager::oob_data_verified( - connection_handle_t connection, - const oob_lesc_value_t &local_random, - const oob_lesc_value_t &peer_random -) { - return BLE_ERROR_NOT_IMPLEMENTED; -} - -nRF5xSecurityManager& nRF5xSecurityManager::get_security_manager() -{ - static nRF5xSecurityManager _security_manager; - return _security_manager; -} - -bool nRF5xSecurityManager::sm_handler(const ble_evt_t *evt) -{ - SecurityManagerEventHandler* handler = - get_security_manager().get_event_handler(); - - if ((evt == NULL) || (handler == NULL)) { - return false; - } - - const ble_gap_evt_t& gap_evt = evt->evt.gap_evt; - uint16_t connection = gap_evt.conn_handle; - - switch (evt->header.evt_id) { - case BLE_GAP_EVT_SEC_PARAMS_REQUEST: { - const ble_gap_sec_params_t& params = - gap_evt.params.sec_params_request.peer_params; - - AuthenticationMask authentication_requirements( - params.bond, - params.mitm, - params.lesc, - params.keypress - ); - - KeyDistribution initiator_dist( - params.kdist_peer.enc, - params.kdist_peer.id, - params.kdist_peer.sign, - params.kdist_peer.link - ); - - KeyDistribution responder_dist( - params.kdist_own.enc, - params.kdist_own.id, - params.kdist_own.sign, - params.kdist_own.link - ); - - // FIXME: pass min key size - handler->on_pairing_request( - connection, - params.oob, - authentication_requirements, - initiator_dist, - responder_dist - ); - return true; - } - - case BLE_GAP_EVT_SEC_INFO_REQUEST: { - const ble_gap_evt_sec_info_request_t& req = - gap_evt.params.sec_info_request; - - handler->on_ltk_request( - connection, - ediv_t((uint8_t*)(&req.master_id.ediv)), - rand_t(req.master_id.rand) - ); - - return true; - } - - case BLE_GAP_EVT_PASSKEY_DISPLAY: { - const ble_gap_evt_passkey_display_t& req = - gap_evt.params.passkey_display; - - if (req.match_request == 0) { - handler->on_passkey_display( - connection, - 0 /* TODO: conversion of req.passkey into a numerical passkey */ - ); - } else { - // handle this case for secure pairing - } - - return true; - } - - case BLE_GAP_EVT_KEY_PRESSED: - // TODO: add with LESC support - return true; - - case BLE_GAP_EVT_AUTH_KEY_REQUEST: { - uint8_t key_type = gap_evt.params.auth_key_request.key_type; - - switch (key_type) { - case BLE_GAP_AUTH_KEY_TYPE_NONE: - break; - - case BLE_GAP_AUTH_KEY_TYPE_PASSKEY: - handler->on_passkey_request(connection); - break; - - case BLE_GAP_AUTH_KEY_TYPE_OOB: - handler->on_legacy_pairing_oob_request(connection); - break; - } - - return true; - } - - case BLE_GAP_EVT_LESC_DHKEY_REQUEST: - // TODO: Add with LESC support - return true; - - case BLE_GAP_EVT_AUTH_STATUS: { - const ble_gap_evt_auth_status_t& status = - gap_evt.params.auth_status; - - switch (status.auth_status) { - case BLE_GAP_SEC_STATUS_SUCCESS: - // FIXME: needs success handler - break; - case BLE_GAP_SEC_STATUS_TIMEOUT: - // FIXME: needs timeout handler - break; - - case BLE_GAP_SEC_STATUS_PASSKEY_ENTRY_FAILED: - case BLE_GAP_SEC_STATUS_OOB_NOT_AVAILABLE: - case BLE_GAP_SEC_STATUS_AUTH_REQ: - case BLE_GAP_SEC_STATUS_CONFIRM_VALUE: - case BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP: - case BLE_GAP_SEC_STATUS_ENC_KEY_SIZE: - case BLE_GAP_SEC_STATUS_SMP_CMD_UNSUPPORTED: - case BLE_GAP_SEC_STATUS_UNSPECIFIED: - case BLE_GAP_SEC_STATUS_REPEATED_ATTEMPTS: - case BLE_GAP_SEC_STATUS_INVALID_PARAMS: - case BLE_GAP_SEC_STATUS_DHKEY_FAILURE: - case BLE_GAP_SEC_STATUS_NUM_COMP_FAILURE: - case BLE_GAP_SEC_STATUS_BR_EDR_IN_PROG: - case BLE_GAP_SEC_STATUS_X_TRANS_KEY_DISALLOWED: - handler->on_pairing_error( - connection, - (pairing_failure_t::type) (status.auth_status & 0xF) - ); - break; - - default: - break; - } - - - return true; - } - - case BLE_GAP_EVT_CONN_SEC_UPDATE: - // FIXME: Invoke handler indicating the link encryption - return true; - - case BLE_GAP_EVT_TIMEOUT: - // FIXME: forward event when available - return true; - - case BLE_GAP_EVT_SEC_REQUEST: - // FIXME: forward event when available - return true; - - default: - return false; - } -} - -} // nordic -} // vendor -} // pal -} // ble - diff --git a/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.h b/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.h deleted file mode 100644 index 32b6880b3f..0000000000 --- a/features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.h +++ /dev/null @@ -1,333 +0,0 @@ -/* mbed Microcontroller Library - * Copyright (c) 2018-2018 ARM Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef NRF5X_PAL_SECURITY_MANAGER_ -#define NRF5X_PAL_SECURITY_MANAGER_ - -#include "ble/pal/PalSecurityManager.h" -#include "nrf_ble.h" - -namespace ble { -namespace pal { -namespace vendor { -namespace nordic { - -class nRF5xSecurityManager : public ::ble::pal::SecurityManager { -public: - nRF5xSecurityManager(); - - virtual ~nRF5xSecurityManager(); - - //////////////////////////////////////////////////////////////////////////// - // SM lifecycle management - // - - /** - * @see ::ble::pal::SecurityManager::initialize - */ - virtual ble_error_t initialize(); - - /** - * @see ::ble::pal::SecurityManager::terminate - */ - virtual ble_error_t terminate(); - - /** - * @see ::ble::pal::SecurityManager::reset - */ - virtual ble_error_t reset() ; - - //////////////////////////////////////////////////////////////////////////// - // Resolving list management - // - - /** - * @see ::ble::pal::SecurityManager::read_resolving_list_capacity - */ - virtual uint8_t read_resolving_list_capacity(); - - /** - * @see ::ble::pal::SecurityManager::add_device_to_resolving_list - */ - virtual ble_error_t add_device_to_resolving_list( - advertising_peer_address_type_t peer_identity_address_type, - const address_t &peer_identity_address, - const irk_t &peer_irk - ); - - /** - * @see ::ble::pal::SecurityManager::remove_device_from_resolving_list - */ - virtual ble_error_t remove_device_from_resolving_list( - advertising_peer_address_type_t peer_identity_address_type, - const address_t &peer_identity_address - ); - - /** - * @see ::ble::pal::SecurityManager::clear_resolving_list - */ - virtual ble_error_t clear_resolving_list(); - - //////////////////////////////////////////////////////////////////////////// - // Feature support - // - - /** - * @see ::ble::pal::SecurityManager::get_secure_connections_support - */ - virtual ble_error_t get_secure_connections_support( - bool &enabled - ); - - /** - * @see ::ble::pal::SecurityManager::set_io_capability - */ - virtual ble_error_t set_io_capability( - io_capability_t io_capability - ); - - //////////////////////////////////////////////////////////////////////////// - // Security settings - // - - /** - * @see ::ble::pal::SecurityManager::set_authentication_timeout - */ - virtual ble_error_t set_authentication_timeout( - connection_handle_t, uint16_t timeout_in_10ms - ); - - /** - * @see ::ble::pal::SecurityManager::get_authentication_timeout - */ - virtual ble_error_t get_authentication_timeout( - connection_handle_t, uint16_t &timeout_in_10ms - ); - - /** - * @see ::ble::pal::SecurityManager::set_encryption_key_requirements - */ - virtual ble_error_t set_encryption_key_requirements( - uint8_t min_encryption_key_size, - uint8_t max_encryption_key_size - ); - - /** - * @see ::ble::pal::SecurityManager::slave_security_request - */ - virtual ble_error_t slave_security_request( - connection_handle_t connection, - AuthenticationMask authentication - ); - - //////////////////////////////////////////////////////////////////////////// - // Encryption - // - - /** - * @see ::ble::pal::SecurityManager::enable_encryption - */ - virtual ble_error_t enable_encryption( - connection_handle_t connection, - const ltk_t <k - ); - - /** - * @see ::ble::pal::SecurityManager::disable_encryption - */ - virtual ble_error_t disable_encryption(connection_handle_t connection); - - /** - * @see ::ble::pal::SecurityManager::get_encryption_status - */ - virtual ble_error_t get_encryption_status( - connection_handle_t connection, LinkSecurityStatus_t &status - ); - - /** - * @see ::ble::pal::SecurityManager::get_encryption_key_size - */ - virtual ble_error_t get_encryption_key_size( - connection_handle_t, uint8_t &bitsize - ); - - /** - * @see ::ble::pal::SecurityManager::enable_encryption - */ - virtual ble_error_t enable_encryption( - connection_handle_t connection, - const ltk_t <k, - const rand_t &rand, - const ediv_t &ediv - ); - - /** - * @see ::ble::pal::SecurityManager::encrypt_data - */ - virtual ble_error_t encrypt_data( - const key_t &key, - encryption_block_t &data - ); - - //////////////////////////////////////////////////////////////////////////// - // Privacy - // - - /** - * @see ::ble::pal::SecurityManager::set_private_address_timeout - */ - virtual ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds); - - //////////////////////////////////////////////////////////////////////////// - // Keys - // - - /** - * @see ::ble::pal::SecurityManager::set_ltk - */ - virtual ble_error_t set_ltk(connection_handle_t connection, const ltk_t <k); - - /** - * @see ::ble::pal::SecurityManager::set_ltk - */ - virtual ble_error_t set_ltk_not_found(connection_handle_t connection); - - /** - * @see ::ble::pal::SecurityManager::set_irk - */ - virtual ble_error_t set_irk(const irk_t& irk); - - /** - * @see ::ble::pal::SecurityManager::set_csrk - */ - virtual ble_error_t set_csrk(const csrk_t& csrk); - - //////////////////////////////////////////////////////////////////////////// - // Authentication - // - - /** - * @see ::ble::pal::SecurityManager::send_pairing_request - */ - virtual ble_error_t send_pairing_request( - connection_handle_t connection, - bool oob_data_flag, - AuthenticationMask authentication_requirements, - KeyDistribution initiator_dist, - KeyDistribution responder_dist - ); - - /** - * @see ::ble::pal::SecurityManager::send_pairing_response - */ - virtual ble_error_t send_pairing_response( - connection_handle_t connection, - bool oob_data_flag, - AuthenticationMask authentication_requirements, - KeyDistribution initiator_dist, - KeyDistribution responder_dist - ); - - /** - * @see ::ble::pal::SecurityManager::cancel_pairing - */ - virtual ble_error_t cancel_pairing( - connection_handle_t connection, pairing_failure_t reason - ); - - /** - * @see ::ble::pal::SecurityManager::request_authentication - */ - virtual ble_error_t request_authentication(connection_handle_t connection); - - /** - * @see ::ble::pal::SecurityManager::get_random_data - */ - virtual ble_error_t get_random_data(octet_type_t<8> &random_data); - - /** - * @see ::ble::pal::SecurityManager::generate_public_key - */ - virtual ble_error_t generate_public_key(); - - //////////////////////////////////////////////////////////////////////////// - // MITM - // - - /** - * @see ::ble::pal::SecurityManager::set_display_passkey - */ - virtual ble_error_t set_display_passkey( - passkey_num_t passkey - ); - - /** - * @see ::ble::pal::SecurityManager::passkey_request_reply - */ - virtual ble_error_t passkey_request_reply( - connection_handle_t connection, const passkey_num_t passkey - ); - - /** - * @see ::ble::pal::SecurityManager::oob_data_request_reply - */ - virtual ble_error_t legacy_pairing_oob_data_request_reply( - connection_handle_t connection, const oob_tk_t& oob_data - ); - - /** - * @see ::ble::pal::SecurityManager::confirmation_entered - */ - virtual ble_error_t confirmation_entered( - connection_handle_t connection, bool confirmation - ); - - /** - * @see ::ble::pal::SecurityManager::send_keypress_notification - */ - virtual ble_error_t send_keypress_notification( - connection_handle_t connection, Keypress_t keypress - ); - - /** - * @see ::ble::pal::SecurityManager::oob_data_verified - */ - virtual ble_error_t oob_data_verified( - connection_handle_t connection, - const oob_lesc_value_t &local_random, - const oob_lesc_value_t &peer_random - ); - - // singleton of nordic Security Manager - static nRF5xSecurityManager& get_security_manager(); - - // Event handler - // FIXME: set proper event handling type - static bool sm_handler(const ble_evt_t *evt); - -private: - irk_t _irk; - csrk_t _csrk; - io_capability_t _io_capability; - uint8_t _max_encryption_key_size; -}; - -} // nordic -} // vendor -} // pal -} // ble - -#endif /* NRF5X_PAL_SECURITY_MANAGER_ */