ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #1 from pan-/palsm-interface-improvement 

SM interface improvements
pull/6188/head
Paul Szczepanek 2018-01-15 17:34:18 +00:00 committed by GitHub
parent 2f49b66c52 03f07bb7ce
commit ab754728dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 232 additions and 351 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

583
features/FEATURE_BLE/ble/pal/PalSecurityManager.h
View File

@ -23,6 +23,7 @@
#include "ble/SafeEnum.h"
#include "ble/BLEProtocol.h"
#include "ble/SecurityManager.h"
#include "ble/pal/GapTypes"
namespace ble {
namespace pal {
@ -41,7 +42,6 @@ typedef SecurityManager::C192_t c192_t;
typedef SecurityManager::R192_t r192_t;
typedef SecurityManager::C256_t c256_t;
typedef SecurityManager::R256_t r256_t;
typedef BLEProtocol::AddressBytes_t address_t;
typedef uint8_t irk_t[16];
typedef uint8_t csrk_t[16];
@ -70,408 +70,289 @@ enum AuthenticationFlags_t {
AUTHENTICATION_KEYPRESS_NOTIFICATION = 0x10
};
struct bonded_list_entry_t {
address_t peer_address;
ediv_t ediv;
rand_t rand;
ltk_t ltk;
csrk_t csrk;
};
struct resolving_list_entry_t {
address_t peer_address;
irk_t peer_irk;
irk_t local_irk;
};
/** Representation of a resolving list. */
struct resolving_list_t {
resolving_list_entry_t *entries; /**< pointer to array storing the entries */
uint8_t size; /**< actual number of entries */
uint8_t capacity; /**< number of entries that can be stored */
};
/** Representation of a bonded list. */
struct bonded_list_t {
bonded_list_entry_t *entries; /**< pointer to array storing the entries */
uint8_t size; /**< actual number of entries */
uint8_t capacity; /**< number of entries that can be stored */
};
/**
* Handle events generated by ble::pal::SecurityManager
*/
class SecurityManagerEventHandler {
SecurityManagerEventHandler() : _app_event_handler(NULL) { };
virtual void security_setup_initiated(connection_handle_t handle, bool allow_bonding,
bool require_mitm, SecurityIOCapabilities_t iocaps) {
if (_app_event_handler) {
_app_event_handler->securitySetupInitiated(handle, allow_bonding, require_mitm, iocaps);
}
}
virtual void security_setup_completed(connection_handle_t handle,
SecurityManager::SecurityCompletionStatus_t status) {
if (_app_event_handler) {
_app_event_handler->securitySetupCompleted(handle, status);
}
}
virtual void link_secured(connection_handle_t handle, SecurityManager::SecurityMode_t security_mode) {
if (_app_event_handler) {
_app_event_handler->linkSecured(handle, security_mode);
}
}
public:
virtual void security_setup_initiated(
connection_handle_t handle,
bool allow_bonding,
bool require_mitm,
SecurityIOCapabilities_t iocaps
) = 0;
virtual void security_context_stored(connection_handle_t handle) {
if (_app_event_handler) {
_app_event_handler->securityContextStored(handle);
}
}
virtual void passkey_display(connection_handle_t handle, const passkey_t passkey) {
if (_app_event_handler) {
_app_event_handler->passkeyDisplay(handle, passkey);
}
}
virtual void security_setup_completed(
connection_handle_t handle,
SecurityManager::SecurityCompletionStatus_t status
) = 0;
virtual void valid_mic_timeout(connection_handle_t handle) {
if (_app_event_handler) {
_app_event_handler->validMicTimeout(handle);
}
}
virtual void link_secured(
connection_handle_t handle, SecurityManager::SecurityMode_t security_mode
) = 0;
virtual void link_key_failure(connection_handle_t handle) {
if (_app_event_handler) {
_app_event_handler->linkKeyFailure(handle);
}
}
virtual void security_context_stored(connection_handle_t handle) = 0;
virtual void keypress_notification(connection_handle_t handle, SecurityManager::Keypress_t keypress) {
if (_app_event_handler) {
_app_event_handler->keypressNotification(handle, keypress);
}
}
virtual void passkey_display(connection_handle_t handle, const passkey_t passkey) = 0;
virtual void legacy_pariring_oob_request(connection_handle_t handle) {
if (_app_event_handler) {
_app_event_handler->legacyPairingOobRequest(handle);
}
}
virtual void valid_mic_timeout(connection_handle_t handle) = 0;
virtual void oob_request(connection_handle_t handle) {
if (_app_event_handler) {
_app_event_handler->oobRequest(handle);
}
}
virtual void pin_request(connection_handle_t handle) {
virtual void link_key_failure(connection_handle_t handle) = 0;
if (_app_event_handler) {
_app_event_handler->pinRequest(handle);
}
}
virtual void passkey_request(connection_handle_t handle) {
virtual void keypress_notification(connection_handle_t handle, SecurityManager::Keypress_t keypress) = 0;
if (_app_event_handler) {
_app_event_handler->passkeyRequest(handle);
}
}
virtual void confirmation_request(connection_handle_t handle) {
virtual void legacy_pariring_oob_request(connection_handle_t handle) = 0;
if (_app_event_handler) {
_app_event_handler->confirmationRequest(handle);
}
}
virtual void accept_pairing_request(connection_handle_t handle,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
key_distribution_t initiator_dist,
key_distribution_t responder_dist) {
if (_app_event_handler) {
_app_event_handler->acceptPairingRequest(handle);
}
}
virtual void oob_request(connection_handle_t handle) = 0;
virtual void keys_exchanged(connection_handle_t handle, address_t &peer_address, ediv_t &ediv,
rand_t &rand, ltk_t &ltk, csrk_t &csrk);
virtual void ltk_request(connection_handle_t handle, ediv_t &ediv, rand_t &rand);
virtual void pin_request(connection_handle_t handle) = 0;
virtual void set_app_event_handler(::SecurityManagerEventHandler *app_event_handler) {
_app_event_handler = app_event_handler;
}
private:
::SecurityManagerEventHandler *_app_event_handler;
virtual void passkey_request(connection_handle_t handle) = 0;
virtual void confirmation_request(connection_handle_t handle) = 0;
virtual void accept_pairing_request(
connection_handle_t handle,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
key_distribution_t initiator_dist,
key_distribution_t responder_dist
) = 0;
virtual void keys_exchanged(
connection_handle_t handle,
advertising_peer_address_type_t peer_identity_address_type,
address_t &peer_identity_address,
ediv_t &ediv,
rand_t &rand,
ltk_t &ltk,
csrk_t &csrk
) = 0;
virtual void ltk_request(
connection_handle_t handle,
ediv_t &ediv,
rand_t &rand
) = 0;
};
/**
* Adaptation layer of the Security Manager.
*/
class SecurityManager : private mbed::NonCopyable<SecurityManager> {
public:
SecurityManager() : _pal_event_handler(NULL) { };
virtual ~SecurityManager() { };
virtual ble_error_t initialize() {
return BLE_ERROR_NONE;
}
virtual ble_error_t terminate() {
return BLE_ERROR_NONE;
}
virtual ble_error_t reset() {
return BLE_ERROR_NONE;
}
////////////////////////////////////////////////////////////////////////////
// SM lifecycle management
//
/* persistence */
virtual ble_error_t initialize() = 0;
virtual ble_error_t get_bonded_list(bonded_list_t &list) {
(void)list;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t add_bonded_list_entry(bonded_list_entry_t &entry) {
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t remove_bonded_list_entry(bonded_list_entry_t &entry) {
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t clear_bonded_list() {
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t terminate() = 0;
virtual ble_error_t get_resolving_list(resolving_list_t &list) {
(void)list;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t add_resolving_list_entry(resolving_list_entry_t &entry) {
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t remove_resolving_list_entry(resolving_list_entry_t &entry) {
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t clear_resolving_list() {
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t reset() = 0;
virtual ble_error_t get_whitelist(Gap::Whitelist_t &list) {
(void)list;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t add_whitelist_entry(address_t &entry) {
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t remove_whitelist_entry(address_t &entry) {
(void)entry;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t clear_whitelist() {
return BLE_ERROR_NOT_IMPLEMENTED;
}
////////////////////////////////////////////////////////////////////////////
// Resolving list management
//
/* feature support */
/**
* Return the number of address translation entries that can be stored by the
* subsystem.
*
* @warning: The number of entries is considered fixed.
*
* see BLUETOOTH SPECIFICATION Version 5.0 | Vol 2, Part E: 7.8.41
*/
virtual uint8_t read_resolving_list_capacity() = 0;
virtual ble_error_t set_secure_connections_support(bool enabled, bool secure_connections_only = false) {
(void)enabled;
(void)secure_connections_only;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_secure_connections_support(bool &enabled, bool &secure_connections_only) {
(void)enabled;
(void)secure_connections_only;
return BLE_ERROR_NOT_IMPLEMENTED;
}
/**
* Add a device definition into the resolving list of the LE subsystem.
*
* @see BLUETOOTH SPECIFICATION Version 5.0 | Vol 2, Part E: 7.8.38
*/
virtual ble_error_t add_device_to_resolving_list(
advertising_peer_address_type_t peer_identity_address_type,
address_t peer_identity_address,
irk_t peer_irk,
irk_t local_irk
) = 0;
/* security settings */
virtual ble_error_t set_pin_code(uint8_t pin_length, uint8_t *pin_code, bool static_pin = false) {
(void)pin_length;
(void)pin_code;
(void)static_pin;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t set_passkey(passkey_num_t passkey) {
(void)passkey;
return BLE_ERROR_NOT_IMPLEMENTED;
}
/**
* Add a device definition from the resolving list of the LE subsystem.
*
* @see BLUETOOTH SPECIFICATION Version 5.0 | Vol 2, Part E: 7.8.39
*/
virtual ble_error_t remove_device_from_resolving_list(
advertising_peer_address_type_t peer_identity_address_type,
address_t peer_identity_address
) = 0;
virtual ble_error_t set_authentication_timeout(connection_handle_t, uint16_t timeout_in_10ms) {
(void)timeout_in_10ms;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_authentication_timeout(connection_handle_t, uint16_t &timeout_in_10ms) {
(void)timeout_in_10ms;
return BLE_ERROR_NOT_IMPLEMENTED;
}
/**
* Remove all devices from the resolving list.
*
* @see BLUETOOTH SPECIFICATION Version 5.0 | Vol 2, Part E: 7.8.40
*/
virtual ble_error_t clear_resolving_list() = 0;
/* encryption */
////////////////////////////////////////////////////////////////////////////
// Feature support
//
virtual ble_error_t enable_encryption(connection_handle_t handle) {
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t set_secure_connections_support(
bool enabled, bool secure_connections_only = false
) = 0;
virtual ble_error_t disable_encryption(connection_handle_t handle) {
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_secure_connections_support(
bool &enabled, bool &secure_connections_only
) = 0;
virtual ble_error_t get_encryption_status(connection_handle_t handle, LinkSecurityStatus_t &status) {
(void)handle;
(void)status;
return BLE_ERROR_NOT_IMPLEMENTED;
}
////////////////////////////////////////////////////////////////////////////
// Security settings
//
virtual ble_error_t get_encryption_key_size(connection_handle_t, uint8_t &bitsize) {
(void)bitsize;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t set_pin_code(
uint8_t pin_length, uint8_t *pin_code, bool static_pin = false
) = 0;
virtual ble_error_t refresh_encryption_key(connection_handle_t handle) {
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t set_passkey(passkey_num_t passkey) = 0;
/* privacy */
virtual ble_error_t set_authentication_timeout(
connection_handle_t, uint16_t timeout_in_10ms
) = 0;
virtual ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds) {
(void)timeout_in_seconds;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_authentication_timeout(
connection_handle_t, uint16_t &timeout_in_10ms
) = 0;
/* keys */
////////////////////////////////////////////////////////////////////////////
// Encryption
//
virtual ble_error_t set_ltk(connection_handle_t handle, ltk_t ltk) {
(void)ltk;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t enable_encryption(connection_handle_t handle) = 0;
virtual ble_error_t set_irk(irk_t irk) {
(void)irk;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t set_csrk(csrk_t csrk) {
(void)csrk;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t generate_irk() {
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t generate_csrk() {
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t disable_encryption(connection_handle_t handle) = 0;
/* authentication */
virtual ble_error_t get_encryption_status(
connection_handle_t handle, LinkSecurityStatus_t &status
) = 0;
virtual ble_error_t request_pairing(connection_handle_t handle,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
key_distribution_t initiator_dist,
key_distribution_t responder_dist) {
(void)handle;
(void)iocaps;
(void)use_oob;
(void)authentication;
(void)max_key_size;
(void)initiator_dist;
(void)responder_dist;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t accept_pairing(connection_handle_t handle,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
key_distribution_t initiator_dist,
key_distribution_t responder_dist) {
(void)handle;
(void)iocaps;
(void)use_oob;
(void)authentication;
(void)max_key_size;
(void)initiator_dist;
(void)responder_dist;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t reject_pairing(connection_handle_t handle) {
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t cancel_pairing(connection_handle_t handle) {
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_encryption_key_size(
connection_handle_t, uint8_t &bitsize
) = 0;
virtual ble_error_t set_pairing_request_authorisation(bool authorisation_required = true) {
(void)authorisation_required;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t refresh_encryption_key(connection_handle_t handle) = 0;
virtual ble_error_t request_authentication(connection_handle_t handle) {
(void)handle;
return BLE_ERROR_NOT_IMPLEMENTED;
}
////////////////////////////////////////////////////////////////////////////
// Privacy
//
/* MITM */
virtual ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds) = 0;
virtual ble_error_t confirmation_entered(connection_handle_t handle, bool confirmation) {
(void)handle;
(void)confirmation;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t passkey_entered(connection_handle_t handle, passkey_t passkey) {
(void)handle;
(void)passkey;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t send_keypress_notification(connection_handle_t handle, Keypress_t keypress) {
(void)handle;
(void)keypress;
return BLE_ERROR_NOT_IMPLEMENTED;
}
////////////////////////////////////////////////////////////////////////////
// Keys
//
virtual ble_error_t set_ltk(connection_handle_t handle, ltk_t ltk) = 0;
virtual ble_error_t set_irk(irk_t irk) = 0;
virtual ble_error_t set_csrk(csrk_t csrk) = 0;
virtual ble_error_t generate_irk() = 0;
virtual ble_error_t generate_csrk() = 0;
////////////////////////////////////////////////////////////////////////////
// Authentication
//
virtual ble_error_t request_pairing(
connection_handle_t handle,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
key_distribution_t initiator_dist,
key_distribution_t responder_dist
) = 0;
virtual ble_error_t accept_pairing(
connection_handle_t handle,
SecurityIOCapabilities_t iocaps,
bool use_oob,
authentication_t authentication,
uint8_t max_key_size,
key_distribution_t initiator_dist,
key_distribution_t responder_dist
) = 0;
virtual ble_error_t reject_pairing(connection_handle_t handle) = 0;
virtual ble_error_t cancel_pairing(connection_handle_t handle) = 0;
virtual ble_error_t set_pairing_request_authorisation(
bool authorisation_required = true
) = 0;
virtual ble_error_t request_authentication(connection_handle_t handle) = 0;
////////////////////////////////////////////////////////////////////////////
// MITM
//
virtual ble_error_t confirmation_entered(
connection_handle_t handle, bool confirmation
) = 0;
virtual ble_error_t passkey_entered(
connection_handle_t handle, passkey_t passkey
) = 0;
virtual ble_error_t send_keypress_notification(
connection_handle_t handle, Keypress_t keypress
) = 0;
virtual ble_error_t set_oob(
connection_handle_t handle, c192_t& c192, r192_t& r192
) = 0;
virtual ble_error_t set_extended_oob(
connection_handle_t handle,
c192_t& c192,
r192_t& r192,
c256_t& c256,
r256_t& r256
) = 0;
virtual ble_error_t get_local_oob_data(
connection_handle_t handle, c192_t& c192, r192_t& r192
) = 0;
virtual ble_error_t get_local_extended_oob_data(
connection_handle_t handle,
c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256
) = 0;
virtual ble_error_t set_oob(connection_handle_t handle, c192_t& c192, r192_t& r192) {
(void)handle;
(void)c192;
(void)r192;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t set_extended_oob(connection_handle_t handle,
c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256) {
(void)handle;
(void)c192;
(void)r192;
(void)c256;
(void)r256;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_local_oob_data(connection_handle_t handle, c192_t& c192, r192_t& r192) {
(void)handle;
(void)c192;
(void)r192;
return BLE_ERROR_NOT_IMPLEMENTED;
}
virtual ble_error_t get_local_extended_oob_data(connection_handle_t handle,
c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256) {
(void)handle;
(void)c192;
(void)r192;
(void)c256;
(void)r256;
return BLE_ERROR_NOT_IMPLEMENTED;
}
/* Entry points for the underlying stack to report events back to the user. */
public:
SecurityManagerEventHandler& get_event_handler() {
/* guaranteed to be a valid pointer */
return _pal_event_handler;
}
void set_app_event_handler(::SecurityManagerEventHandler *app_event_handler) {
_pal_event_handler->set_app_event_handler(app_event_handler);
}
public:
void set_event_handler(SecurityManagerEventHandler *event_handler) {
_pal_event_handler = event_handler;
}
protected:
SecurityManagerEventHandler* get_event_handler() {
return _pal_event_handler;
}
private:
SecurityManagerEventHandler *_pal_event_handler;