ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

gatt server pass 

mostly phy and security issues
pull/9790/head
paul-szczepanek-arm 2019-02-25 14:37:25 +00:00 committed by Vincent Coubard
parent f8c28fcbe7
commit a034bf875e
11 changed files with 104 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
features/FEATURE_BLE/ble/BLETypes.h
View File

@ -528,6 +528,7 @@ struct att_security_requirement_t : SafeEnum<att_security_requirement_t, uint8_t
*/ */
NONE, NONE,
#if BLE_FEATURE_SECURITY
/** /**
* The operation requires security and there's no requirement towards * The operation requires security and there's no requirement towards
* peer authentication. * peer authentication.
@ -553,6 +554,7 @@ struct att_security_requirement_t : SafeEnum<att_security_requirement_t, uint8_t
*/ */
AUTHENTICATED, AUTHENTICATED,
#if BLE_FEATURE_SECURE_CONNECTIONS
/** /**
* The operation require encryption with an authenticated peer that * The operation require encryption with an authenticated peer that
* paired using secure connection pairing. * paired using secure connection pairing.
@ -561,6 +563,8 @@ struct att_security_requirement_t : SafeEnum<att_security_requirement_t, uint8_t
* security is achieved with link encryption. * security is achieved with link encryption.
*/ */
SC_AUTHENTICATED SC_AUTHENTICATED
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#endif // BLE_FEATURE_SECURITY
}; };
/** /**
@ -637,7 +641,7 @@ struct phy_t : SafeEnum<phy_t, uint8_t> {
* @note This physical transport was available since Bluetooth 4.0 * @note This physical transport was available since Bluetooth 4.0
*/ */
LE_1M = 1, LE_1M = 1,
#if BLE_FEATURE_PHY_MANAGEMENT
/** /**
* 2Mbit/s LE. * 2Mbit/s LE.
* *
@ -671,6 +675,7 @@ struct phy_t : SafeEnum<phy_t, uint8_t> {
* @note This transport has been introduced with the Bluetooth 5. * @note This transport has been introduced with the Bluetooth 5.
*/ */
LE_CODED LE_CODED
#endif // BLE_FEATURE_PHY_MANAGEMENT
}; };
/** /**
@ -717,8 +722,10 @@ public:
_value() _value()
{ {
set_1m(phy_1m); set_1m(phy_1m);
#if BLE_FEATURE_PHY_MANAGEMENT
set_2m(phy_2m); set_2m(phy_2m);
set_coded(phy_coded); set_coded(phy_coded);
#endif // BLE_FEATURE_PHY_MANAGEMENT
} }
/** /**
@ -732,12 +739,14 @@ public:
case phy_t::LE_1M: case phy_t::LE_1M:
set_1m(true); set_1m(true);
break; break;
#if BLE_FEATURE_PHY_MANAGEMENT
case phy_t::LE_2M: case phy_t::LE_2M:
set_2m(true); set_2m(true);
break; break;
case phy_t::LE_CODED: case phy_t::LE_CODED:
set_coded(true); set_coded(true);
break; break;
#endif // BLE_FEATURE_PHY_MANAGEMENT
default: default:
break; break;
} }
@ -752,6 +761,7 @@ public:
} }
} }
#if BLE_FEATURE_PHY_MANAGEMENT
/** Prefer 2M PHY. */ /** Prefer 2M PHY. */
void set_2m(bool enabled = true) { void set_2m(bool enabled = true) {
if (enabled) { if (enabled) {
@ -769,6 +779,7 @@ public:
_value &= ~PHY_SET_CODED; _value &= ~PHY_SET_CODED;
} }
} }
#endif // BLE_FEATURE_PHY_MANAGEMENT
bool get_1m() const { bool get_1m() const {
return (_value & PHY_SET_1M); return (_value & PHY_SET_1M);

18
features/FEATURE_BLE/ble/GattCharacteristic.h
View File

@ -1414,6 +1414,7 @@ public:
_valueAttribute.allowWrite(isWritable(_properties)); _valueAttribute.allowWrite(isWritable(_properties));
_valueAttribute.allowRead(isReadable(_properties)); _valueAttribute.allowRead(isReadable(_properties));
#if BLE_FEATURE_SECURITY
// signed writes requires at least an unauthenticated CSRK or an // signed writes requires at least an unauthenticated CSRK or an
// unauthenticated ltk if the link is encrypted. // unauthenticated ltk if the link is encrypted.
if (_properties & BLE_GATT_CHAR_PROPERTIES_AUTHENTICATED_SIGNED_WRITES) { if (_properties & BLE_GATT_CHAR_PROPERTIES_AUTHENTICATED_SIGNED_WRITES) {
@ -1421,6 +1422,7 @@ public:
SecurityRequirement_t::UNAUTHENTICATED SecurityRequirement_t::UNAUTHENTICATED
); );
} }
#endif // BLE_FEATURE_SECURITY
} }
public: public:
@ -1500,11 +1502,13 @@ public:
*/ */
void setWriteSecurityRequirement(SecurityRequirement_t security) void setWriteSecurityRequirement(SecurityRequirement_t security)
{ {
#if BLE_FEATURE_SECURITY
MBED_ASSERT( MBED_ASSERT(
((_properties & BLE_GATT_CHAR_PROPERTIES_AUTHENTICATED_SIGNED_WRITES) && ((_properties & BLE_GATT_CHAR_PROPERTIES_AUTHENTICATED_SIGNED_WRITES) &&
((security == SecurityRequirement_t::NONE) || ((security == SecurityRequirement_t::NONE) ||
(security == SecurityRequirement_t::SC_AUTHENTICATED))) == false (security == SecurityRequirement_t::SC_AUTHENTICATED))) == false
); );
#endif // BLE_FEATURE_SECURITY
_valueAttribute.setWriteSecurityRequirement(security); _valueAttribute.setWriteSecurityRequirement(security);
} }
@ -1758,7 +1762,7 @@ public:
case SecurityRequirement_t::NONE: case SecurityRequirement_t::NONE:
MBED_ASSERT(needs_signing == false); MBED_ASSERT(needs_signing == false);
return SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK; return SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK;
#if BLE_FEATURE_SECURITY
case SecurityRequirement_t::UNAUTHENTICATED: case SecurityRequirement_t::UNAUTHENTICATED:
return (needs_signing) ? return (needs_signing) ?
SecurityManager::SECURITY_MODE_SIGNED_NO_MITM : SecurityManager::SECURITY_MODE_SIGNED_NO_MITM :
@ -1768,11 +1772,13 @@ public:
return (needs_signing) ? return (needs_signing) ?
SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM : SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM :
SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM; SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM;
#if BLE_FEATURE_SECURE_CONNECTIONS
case SecurityRequirement_t::SC_AUTHENTICATED: case SecurityRequirement_t::SC_AUTHENTICATED:
MBED_ASSERT(needs_signing == false); MBED_ASSERT(needs_signing == false);
// fallback to encryption with MITM // fallback to encryption with MITM
return SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM; return SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#endif // BLE_FEATURE_SECURITY
default: default:
MBED_ASSERT(false); MBED_ASSERT(false);
return SecurityManager::SECURITY_MODE_NO_ACCESS; return SecurityManager::SECURITY_MODE_NO_ACCESS;
@ -1851,15 +1857,19 @@ private:
// assuming access is managed by property and orthogonal to // assuming access is managed by property and orthogonal to
// security mode ... // security mode ...
return SecurityRequirement_t::NONE; return SecurityRequirement_t::NONE;
#if BLE_FEATURE_SECURITY
case SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM: case SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM:
#if BLE_FEATURE_SIGNING
case SecurityManager::SECURITY_MODE_SIGNED_NO_MITM: case SecurityManager::SECURITY_MODE_SIGNED_NO_MITM:
#endif
return SecurityRequirement_t::UNAUTHENTICATED; return SecurityRequirement_t::UNAUTHENTICATED;
case SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM: case SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM:
#if BLE_FEATURE_SIGNING
case SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM: case SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM:
#endif
return SecurityRequirement_t::AUTHENTICATED; return SecurityRequirement_t::AUTHENTICATED;
#endif // BLE_FEATURE_SECURITY
default: default:
// should not happens; makes the compiler happy. // should not happens; makes the compiler happy.
return SecurityRequirement_t::NONE; return SecurityRequirement_t::NONE;

29
features/FEATURE_BLE/ble/gap/ConnectionParameters.h
View File

@ -121,9 +121,13 @@ namespace ble {
class ConnectionParameters { class ConnectionParameters {
enum { enum {
LE_1M_INDEX = 0, LE_1M_INDEX = 0,
#if BLE_FEATURE_PHY_MANAGEMENT
LE_2M_INDEX = 1, LE_2M_INDEX = 1,
LE_CODED_INDEX = 2, LE_CODED_INDEX = 2,
MAX_PARAM_PHYS = 3 MAX_PARAM_PHYS = 3
#else
MAX_PARAM_PHYS = 1
#endif // BLE_FEATURE_PHY_MANAGEMENT
}; };
public: public:
@ -208,6 +212,7 @@ public:
return *this; return *this;
} }
#if BLE_FEATURE_PHY_MANAGEMENT
/** /**
* Enable or disable PHYs. * Enable or disable PHYs.
* *
@ -251,6 +256,7 @@ public:
return *this; return *this;
} }
#endif // BLE_FEATURE_PHY_MANAGEMENT
/* getters */ /* getters */
/** /**
@ -270,9 +276,11 @@ public:
uint8_t getNumberOfEnabledPhys() const uint8_t getNumberOfEnabledPhys() const
{ {
return ( return (
_enabledPhy[LE_1M_INDEX] * 1 + _enabledPhy[LE_1M_INDEX] * 1
_enabledPhy[LE_2M_INDEX] * 1 + #if BLE_FEATURE_PHY_MANAGEMENT
_enabledPhy[LE_CODED_INDEX] * 1 + _enabledPhy[LE_2M_INDEX] * 1
+ _enabledPhy[LE_CODED_INDEX] * 1
#endif // BLE_FEATURE_PHY_MANAGEMENT
); );
} }
@ -309,14 +317,19 @@ public:
phy_set_t getPhySet() const phy_set_t getPhySet() const
{ {
#if BLE_FEATURE_PHY_MANAGEMENT
phy_set_t set( phy_set_t set(
_enabledPhy[LE_1M_INDEX], _enabledPhy[LE_1M_INDEX],
_enabledPhy[LE_2M_INDEX], _enabledPhy[LE_2M_INDEX],
_enabledPhy[LE_CODED_INDEX] _enabledPhy[LE_CODED_INDEX]
); );
return set; return set;
#else
return phy_set_t::PHY_SET_1M;
#endif // BLE_FEATURE_PHY_MANAGEMENT
} }
/* These return pointers to arrays of settings valid only across the number of active PHYs */ /* These return pointers to arrays of settings valid only across the number of active PHYs */
const uint16_t *getScanIntervalArray() const const uint16_t *getScanIntervalArray() const
@ -364,6 +377,7 @@ public:
private: private:
uint8_t getFirstEnabledIndex() const uint8_t getFirstEnabledIndex() const
{ {
#if BLE_FEATURE_PHY_MANAGEMENT
if (_enabledPhy[LE_1M_INDEX]) { if (_enabledPhy[LE_1M_INDEX]) {
return LE_1M_INDEX; return LE_1M_INDEX;
} else if (_enabledPhy[LE_2M_INDEX]) { } else if (_enabledPhy[LE_2M_INDEX]) {
@ -374,6 +388,7 @@ private:
/* This should never happen; it means you were trying to start a connection with a blank set /* This should never happen; it means you were trying to start a connection with a blank set
* of parameters - you need to enable at least one PHY */ * of parameters - you need to enable at least one PHY */
MBED_ASSERT("Trying to use connection parameters without any PHY defined."); MBED_ASSERT("Trying to use connection parameters without any PHY defined.");
#endif // BLE_FEATURE_PHY_MANAGEMENT
return 0; return 0;
} }
@ -387,6 +402,7 @@ private:
{ {
uint8_t index = phyToIndex(phy); uint8_t index = phyToIndex(phy);
#if BLE_FEATURE_PHY_MANAGEMENT
bool was_swapped = isSwapped(); bool was_swapped = isSwapped();
_enabledPhy[index] = enable; _enabledPhy[index] = enable;
@ -401,6 +417,7 @@ private:
/* To keep the data contiguous, coded params are in place of the missing 2M params */ /* To keep the data contiguous, coded params are in place of the missing 2M params */
index = LE_2M_INDEX; index = LE_2M_INDEX;
} }
#endif // BLE_FEATURE_PHY_MANAGEMENT
return index; return index;
} }
@ -412,20 +429,23 @@ private:
case phy_t::LE_1M: case phy_t::LE_1M:
index = LE_1M_INDEX; index = LE_1M_INDEX;
break; break;
#if BLE_FEATURE_PHY_MANAGEMENT
case phy_t::LE_2M: case phy_t::LE_2M:
index = LE_2M_INDEX; index = LE_2M_INDEX;
break; break;
case phy_t::LE_CODED: case phy_t::LE_CODED:
index = LE_CODED_INDEX; index = LE_CODED_INDEX;
break; break;
#endif // BLE_FEATURE_PHY_MANAGEMENT
default: default:
index = MAX_PARAM_PHYS; index = LE_1M_INDEX;
MBED_ASSERT("Illegal PHY"); MBED_ASSERT("Illegal PHY");
break; break;
} }
return index; return index;
} }
#if BLE_FEATURE_PHY_MANAGEMENT
bool isSwapped() const bool isSwapped() const
{ {
return ( return (
@ -437,6 +457,7 @@ private:
/** Handle the swapping of 2M and CODED so that the array is ready for the pal call. */ /** Handle the swapping of 2M and CODED so that the array is ready for the pal call. */
void swapCodedAnd2M(); void swapCodedAnd2M();
#endif // BLE_FEATURE_PHY_MANAGEMENT
private: private:
initiator_filter_policy_t _filterPolicy; initiator_filter_policy_t _filterPolicy;

9
features/FEATURE_BLE/ble/gap/ScanParameters.h
View File

@ -133,9 +133,12 @@ public:
phy_configuration_t conf(scan_interval, scan_window, active_scanning); phy_configuration_t conf(scan_interval, scan_window, active_scanning);
if (phy == phy_t::LE_1M) { if (phy == phy_t::LE_1M) {
phy_1m_configuration = conf; phy_1m_configuration = conf;
} else if (phy == phy_t::LE_CODED) { }
#if BLE_FEATURE_PHY_MANAGEMENT
else if (phy == phy_t::LE_CODED) {
phy_coded_configuration = conf; phy_coded_configuration = conf;
} }
#endif // BLE_FEATURE_PHY_MANAGEMENT
} }
/** /**
@ -182,6 +185,7 @@ public:
#endif // BLE_FEATURE_WHITELIST #endif // BLE_FEATURE_WHITELIST
} }
#if BLE_FEATURE_PHY_MANAGEMENT
/** /**
* Enable or disable PHYs that should be used during scanning. * Enable or disable PHYs that should be used during scanning.
* @param enable_1m True to enable the 1M phy and false to disable it. * @param enable_1m True to enable the 1M phy and false to disable it.
@ -194,6 +198,7 @@ public:
phys.set_coded(enable_coded); phys.set_coded(enable_coded);
return *this; return *this;
} }
#endif // BLE_FEATURE_PHY_MANAGEMENT
/** /**
* Get the PHYs to use during scanning. * Get the PHYs to use during scanning.
@ -231,6 +236,7 @@ public:
return phy_1m_configuration; return phy_1m_configuration;
} }
#if BLE_FEATURE_PHY_MANAGEMENT
/** /**
* Set the coded PHY scan configuration. * Set the coded PHY scan configuration.
* @param interval The scan interval to use. * @param interval The scan interval to use.
@ -250,6 +256,7 @@ public:
); );
return *this; return *this;
} }
#endif // BLE_FEATURE_PHY_MANAGEMENT
/** /**
* Get the coded PHY scan configuration. * Get the coded PHY scan configuration.

3
features/FEATURE_BLE/ble/pal/SigningEventMonitor.h
View File

@ -23,6 +23,7 @@
namespace ble { namespace ble {
namespace pal { namespace pal {
#if BLE_FEATURE_SIGNING
/** /**
* Implemented by classes that are reacting to signing events. * Implemented by classes that are reacting to signing events.
*/ */
@ -92,6 +93,8 @@ public:
} }
}; };
#endif // BLE_FEATURE_SIGNING
} // namespace pal } // namespace pal
} // namespace ble } // namespace ble

2
features/FEATURE_BLE/source/gap/ConnectionParameters.cpp
View File

@ -100,6 +100,7 @@ ConnectionParameters &ConnectionParameters::setConnectionParameters(
return *this; return *this;
} }
#if BLE_FEATURE_PHY_MANAGEMENT
/** Handle the swapping of 2M and CODED so that the array is ready for the pal call. */ /** Handle the swapping of 2M and CODED so that the array is ready for the pal call. */
void ConnectionParameters::swapCodedAnd2M() void ConnectionParameters::swapCodedAnd2M()
{ {
@ -130,5 +131,6 @@ void ConnectionParameters::swapCodedAnd2M()
_minEventLength[LE_CODED_INDEX] = minEventLength; _minEventLength[LE_CODED_INDEX] = minEventLength;
_maxEventLength[LE_CODED_INDEX] = maxEventLength; _maxEventLength[LE_CODED_INDEX] = maxEventLength;
} }
#endif // BLE_FEATURE_PHY_MANAGEMENT
} // namespace ble } // namespace ble

2
features/FEATURE_BLE/source/services/DFUService.cpp
View File

@ -17,6 +17,7 @@
#include "BLERoles.h" #include "BLERoles.h"
#if BLE_FEATURE_GATT_SERVER #if BLE_FEATURE_GATT_SERVER
#if BLE_ROLE_BROADCASTER
#ifdef TARGET_NRF51822 /* DFU only supported on nrf51 platforms */ #ifdef TARGET_NRF51822 /* DFU only supported on nrf51 platforms */
@ -47,4 +48,5 @@ DFUService::ResetPrepare_t DFUService::handoverCallback = NULL;
#endif /* #ifdef TARGET_NRF51822 */ #endif /* #ifdef TARGET_NRF51822 */
#endif // BLE_ROLE_BROADCASTER
#endif // BLE_FEATURE_GATT_SERVER #endif // BLE_FEATURE_GATT_SERVER

2
features/FEATURE_BLE/source/services/UARTService.cpp
View File

@ -17,6 +17,7 @@
#include "BLERoles.h" #include "BLERoles.h"
#if BLE_FEATURE_GATT_SERVER #if BLE_FEATURE_GATT_SERVER
#if BLE_ROLE_BROADCASTER
#include "ble/services/UARTService.h" #include "ble/services/UARTService.h"
@ -44,4 +45,5 @@ const uint8_t UARTServiceRXCharacteristicUUID[UUID::LENGTH_OF_LONG_UUID] = {
0xE0, 0xA9, 0xE5, 0x0E, 0x24, 0xDC, 0xCA, 0x9E, 0xE0, 0xA9, 0xE5, 0x0E, 0x24, 0xDC, 0xCA, 0x9E,
}; };
#endif // BLE_ROLE_BROADCASTER
#endif // BLE_FEATURE_GATT_SERVER #endif // BLE_FEATURE_GATT_SERVER

2
features/FEATURE_BLE/source/services/URIBeaconConfigService.cpp
View File

@ -17,6 +17,7 @@
#include "BLERoles.h" #include "BLERoles.h"
#if BLE_FEATURE_GATT_SERVER #if BLE_FEATURE_GATT_SERVER
#if BLE_ROLE_BROADCASTER
#include "ble/services/URIBeaconConfigService.h" #include "ble/services/URIBeaconConfigService.h"
@ -38,4 +39,5 @@ const uint8_t UUID_RESET_CHAR[UUID::LENGTH_OF_LONG_UUID] = UUID_URI_B
const uint8_t BEACON_UUID[sizeof(UUID::ShortUUIDBytes_t)] = {0xD8, 0xFE}; const uint8_t BEACON_UUID[sizeof(UUID::ShortUUIDBytes_t)] = {0xD8, 0xFE};
#endif // BLE_ROLE_BROADCASTER
#endif // BLE_FEATURE_GATT_SERVER #endif // BLE_FEATURE_GATT_SERVER

2
features/FEATURE_BLE/targets/TARGET_CORDIO/CordioGattServer.h
View File

@ -229,7 +229,9 @@ private:
static void att_cb(const attEvt_t *pEvt); static void att_cb(const attEvt_t *pEvt);
static uint8_t atts_read_cb(dmConnId_t connId, uint16_t handle, uint8_t operation, uint16_t offset, attsAttr_t *pAttr); static uint8_t atts_read_cb(dmConnId_t connId, uint16_t handle, uint8_t operation, uint16_t offset, attsAttr_t *pAttr);
static uint8_t atts_write_cb(dmConnId_t connId, uint16_t handle, uint8_t operation, uint16_t offset, uint16_t len, uint8_t *pValue, attsAttr_t *pAttr); static uint8_t atts_write_cb(dmConnId_t connId, uint16_t handle, uint8_t operation, uint16_t offset, uint16_t len, uint8_t *pValue, attsAttr_t *pAttr);
#if BLE_FEATURE_SECURITY
static uint8_t atts_auth_cb(dmConnId_t connId, uint8_t permit, uint16_t handle); static uint8_t atts_auth_cb(dmConnId_t connId, uint8_t permit, uint16_t handle);
#endif // BLE_FEATURE_SECURITY
void add_generic_access_service(); void add_generic_access_service();
void add_generic_attribute_service(); void add_generic_attribute_service();
void* alloc_block(size_t block_size); void* alloc_block(size_t block_size);

36
features/FEATURE_BLE/targets/TARGET_CORDIO/source/CordioGattServer.cpp
View File

@ -241,13 +241,19 @@ bool GattServer::is_characteristic_valid(GattCharacteristic *characteristic) {
return false; return false;
} }
#if BLE_FEATURE_SIGNING
// check for invalid permissions // check for invalid permissions
if ((properties == SIGNED_WRITE_PROPERTY) && if ((properties == SIGNED_WRITE_PROPERTY) &&
(characteristic->getWriteSecurityRequirement() == att_security_requirement_t::NONE || (characteristic->getWriteSecurityRequirement() == att_security_requirement_t::NONE
characteristic->getWriteSecurityRequirement() == att_security_requirement_t::SC_AUTHENTICATED) #if BLE_FEATURE_SECURE_CONNECTIONS
|| characteristic->getWriteSecurityRequirement() == att_security_requirement_t::SC_AUTHENTICATED
#endif // BLE_FEATURE_SECURE_CONNECTIONS
)
) { ) {
return false; return false;
} }
#endif // BLE_FEATURE_SIGNING
return true; return true;
} }
@ -324,6 +330,7 @@ ble_error_t GattServer::insert_characteristic_value_attribute(
switch (characteristic->getReadSecurityRequirement().value()) { switch (characteristic->getReadSecurityRequirement().value()) {
case att_security_requirement_t::NONE: case att_security_requirement_t::NONE:
break; break;
#if BLE_FEATURE_SECURITY
case att_security_requirement_t::UNAUTHENTICATED: case att_security_requirement_t::UNAUTHENTICATED:
attribute_it->permissions |= ATTS_PERMIT_READ_ENC; attribute_it->permissions |= ATTS_PERMIT_READ_ENC;
break; break;
@ -332,6 +339,7 @@ ble_error_t GattServer::insert_characteristic_value_attribute(
ATTS_PERMIT_READ_ENC | ATTS_PERMIT_READ_ENC |
ATTS_PERMIT_READ_AUTH; ATTS_PERMIT_READ_AUTH;
break; break;
#if BLE_FEATURE_SECURE_CONNECTIONS
case att_security_requirement_t::SC_AUTHENTICATED: case att_security_requirement_t::SC_AUTHENTICATED:
// Note: check done in the cordio stack doesn't cover LESC // Note: check done in the cordio stack doesn't cover LESC
// so this one is done in attsAuthorCback // so this one is done in attsAuthorCback
@ -340,6 +348,8 @@ ble_error_t GattServer::insert_characteristic_value_attribute(
ATTS_PERMIT_READ_AUTH | ATTS_PERMIT_READ_AUTH |
ATTS_PERMIT_READ_AUTHORIZ; ATTS_PERMIT_READ_AUTHORIZ;
break; break;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#endif // BLE_FEATURE_SECURITY
} }
} }
@ -349,6 +359,7 @@ ble_error_t GattServer::insert_characteristic_value_attribute(
switch (characteristic->getWriteSecurityRequirement().value()) { switch (characteristic->getWriteSecurityRequirement().value()) {
case att_security_requirement_t::NONE: case att_security_requirement_t::NONE:
break; break;
#if BLE_FEATURE_SECURITY
case att_security_requirement_t::UNAUTHENTICATED: case att_security_requirement_t::UNAUTHENTICATED:
attribute_it->permissions |= ATTS_PERMIT_WRITE_ENC; attribute_it->permissions |= ATTS_PERMIT_WRITE_ENC;
break; break;
@ -357,6 +368,7 @@ ble_error_t GattServer::insert_characteristic_value_attribute(
ATTS_PERMIT_WRITE_ENC | ATTS_PERMIT_WRITE_ENC |
ATTS_PERMIT_WRITE_AUTH; ATTS_PERMIT_WRITE_AUTH;
break; break;
#if BLE_FEATURE_SECURE_CONNECTIONS
case att_security_requirement_t::SC_AUTHENTICATED: case att_security_requirement_t::SC_AUTHENTICATED:
// Note: check done in the cordio stack doesn't cover LESC // Note: check done in the cordio stack doesn't cover LESC
// so this one is done in attsAuthorCback // so this one is done in attsAuthorCback
@ -365,6 +377,8 @@ ble_error_t GattServer::insert_characteristic_value_attribute(
ATTS_PERMIT_WRITE_AUTH | ATTS_PERMIT_WRITE_AUTH |
ATTS_PERMIT_WRITE_AUTHORIZ; ATTS_PERMIT_WRITE_AUTHORIZ;
break; break;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#endif // BLE_FEATURE_SECURITY
} }
} }
@ -456,6 +470,7 @@ ble_error_t GattServer::insert_descriptor(
switch (descriptor->getReadSecurityRequirement().value()) { switch (descriptor->getReadSecurityRequirement().value()) {
case att_security_requirement_t::NONE: case att_security_requirement_t::NONE:
break; break;
#if BLE_FEATURE_SECURITY
case att_security_requirement_t::UNAUTHENTICATED: case att_security_requirement_t::UNAUTHENTICATED:
attribute_it->permissions |= ATTS_PERMIT_READ_ENC; attribute_it->permissions |= ATTS_PERMIT_READ_ENC;
break; break;
@ -464,6 +479,7 @@ ble_error_t GattServer::insert_descriptor(
ATTS_PERMIT_READ_ENC | ATTS_PERMIT_READ_ENC |
ATTS_PERMIT_READ_AUTH; ATTS_PERMIT_READ_AUTH;
break; break;
#if BLE_FEATURE_SECURE_CONNECTIONS
case att_security_requirement_t::SC_AUTHENTICATED: case att_security_requirement_t::SC_AUTHENTICATED:
// Note: check done in the cordio stack doesn't cover LESC // Note: check done in the cordio stack doesn't cover LESC
// so this one is done in attsAuthorCback // so this one is done in attsAuthorCback
@ -472,6 +488,8 @@ ble_error_t GattServer::insert_descriptor(
ATTS_PERMIT_READ_AUTH | ATTS_PERMIT_READ_AUTH |
ATTS_PERMIT_READ_AUTHORIZ; ATTS_PERMIT_READ_AUTHORIZ;
break; break;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#endif // BLE_FEATURE_SECURITY
} }
} }
@ -481,6 +499,7 @@ ble_error_t GattServer::insert_descriptor(
switch (descriptor->getWriteSecurityRequirement().value()) { switch (descriptor->getWriteSecurityRequirement().value()) {
case att_security_requirement_t::NONE: case att_security_requirement_t::NONE:
break; break;
#if BLE_FEATURE_SECURITY
case att_security_requirement_t::UNAUTHENTICATED: case att_security_requirement_t::UNAUTHENTICATED:
attribute_it->permissions |= ATTS_PERMIT_WRITE_ENC; attribute_it->permissions |= ATTS_PERMIT_WRITE_ENC;
break; break;
@ -489,6 +508,7 @@ ble_error_t GattServer::insert_descriptor(
ATTS_PERMIT_WRITE_ENC | ATTS_PERMIT_WRITE_ENC |
ATTS_PERMIT_WRITE_AUTH; ATTS_PERMIT_WRITE_AUTH;
break; break;
#if BLE_FEATURE_SECURE_CONNECTIONS
case att_security_requirement_t::SC_AUTHENTICATED: case att_security_requirement_t::SC_AUTHENTICATED:
// Note: check done in the cordio stack doesn't cover LESC // Note: check done in the cordio stack doesn't cover LESC
// so this one is done in attsAuthorCback // so this one is done in attsAuthorCback
@ -497,6 +517,8 @@ ble_error_t GattServer::insert_descriptor(
ATTS_PERMIT_WRITE_AUTH | ATTS_PERMIT_WRITE_AUTH |
ATTS_PERMIT_WRITE_AUTHORIZ; ATTS_PERMIT_WRITE_AUTHORIZ;
break; break;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#endif // BLE_FEATURE_SECURITY
} }
} }
@ -988,6 +1010,7 @@ uint8_t GattServer::atts_write_cb(
return ATT_SUCCESS; return ATT_SUCCESS;
} }
#if BLE_FEATURE_SECURITY
uint8_t GattServer::atts_auth_cb(dmConnId_t connId, uint8_t permit, uint16_t handle) uint8_t GattServer::atts_auth_cb(dmConnId_t connId, uint8_t permit, uint16_t handle)
{ {
// this CB is triggered when read or write of an attribute (either a value // this CB is triggered when read or write of an attribute (either a value
@ -1006,6 +1029,7 @@ uint8_t GattServer::atts_auth_cb(dmConnId_t connId, uint8_t permit, uint16_t han
return ATT_SUCCESS; return ATT_SUCCESS;
} }
#endif // BLE_FEATURE_SECURITY
void GattServer::add_generic_access_service() void GattServer::add_generic_access_service()
{ {
@ -1254,14 +1278,17 @@ bool GattServer::is_update_authorized(
return true; return true;
} }
#if BLE_FEATURE_SECURITY
SecurityManager& security_manager = BLE::deviceInstance().getSecurityManager(); SecurityManager& security_manager = BLE::deviceInstance().getSecurityManager();
link_encryption_t encryption(link_encryption_t::NOT_ENCRYPTED); link_encryption_t encryption(link_encryption_t::NOT_ENCRYPTED);
ble_error_t err = security_manager.getLinkEncryption(connection, &encryption); ble_error_t err = security_manager.getLinkEncryption(connection, &encryption);
if (err) { if (err) {
return false; return false;
} }
#endif // BLE_FEATURE_SECURITY
switch (sec_req.value()) { switch (sec_req.value()) {
#if BLE_FEATURE_SECURITY
case att_security_requirement_t::UNAUTHENTICATED: case att_security_requirement_t::UNAUTHENTICATED:
if (encryption < link_encryption_t::ENCRYPTED) { if (encryption < link_encryption_t::ENCRYPTED) {
return false; return false;
@ -1273,13 +1300,14 @@ bool GattServer::is_update_authorized(
return false; return false;
} }
return true; return true;
#if BLE_FEATURE_SECURE_CONNECTIONS
case att_security_requirement_t::SC_AUTHENTICATED: case att_security_requirement_t::SC_AUTHENTICATED:
if (encryption != link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM) { if (encryption != link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM) {
return false; return false;
} }
return true; return true;
#endif // BLE_FEATURE_SECURE_CONNECTIONS
#endif // BLE_FEATURE_SECURITY
default: default:
return false; return false;
} }