From 1ee56f6b83b863f987d1ce6429bec5e38306375b Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Mon, 15 Jan 2018 14:25:27 +0000 Subject: [PATCH 1/4] Convert SecurityManagerEventHandler into a pure interface. Convert most functions of SecurityManager into virtual pure functions. Protect access to the get_event_handler function and remove function set_app_event_handler. --- .../FEATURE_BLE/ble/pal/PalSecurityManager.h | 500 +++++++----------- 1 file changed, 186 insertions(+), 314 deletions(-) diff --git a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h index cf752a9954..5a4e603abb 100644 --- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h +++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h 
@@ -98,380 +98,252 @@ struct bonded_list_t { uint8_t capacity; /**< number of entries that can be stored */ }; +/** + * Handle events generated by ble::pal::SecurityManager + */ class SecurityManagerEventHandler { - SecurityManagerEventHandler() : _app_event_handler(NULL) { }; - virtual void security_setup_initiated(connection_handle_t handle, bool allow_bonding, - bool require_mitm, SecurityIOCapabilities_t iocaps) { - if (_app_event_handler) { - _app_event_handler->securitySetupInitiated(handle, allow_bonding, require_mitm, iocaps); - } - } - virtual void security_setup_completed(connection_handle_t handle, - SecurityManager::SecurityCompletionStatus_t status) { - if (_app_event_handler) { - _app_event_handler->securitySetupCompleted(handle, status); - } - } - virtual void link_secured(connection_handle_t handle, SecurityManager::SecurityMode_t security_mode) { - if (_app_event_handler) { - _app_event_handler->linkSecured(handle, security_mode); - } - } +public: + virtual void security_setup_initiated( + connection_handle_t handle, + bool allow_bonding, + bool require_mitm, + SecurityIOCapabilities_t iocaps + ) = 0; - virtual void security_context_stored(connection_handle_t handle) { - if (_app_event_handler) { - _app_event_handler->securityContextStored(handle); - } - } - virtual void passkey_display(connection_handle_t handle, const passkey_t passkey) { - if (_app_event_handler) { - _app_event_handler->passkeyDisplay(handle, passkey); - } - } + virtual void security_setup_completed( + connection_handle_t handle, + SecurityManager::SecurityCompletionStatus_t status + ) = 0; - virtual void valid_mic_timeout(connection_handle_t handle) { - if (_app_event_handler) { - _app_event_handler->validMicTimeout(handle); - } - } + virtual void link_secured( + connection_handle_t handle, SecurityManager::SecurityMode_t security_mode + ) = 0; - virtual void link_key_failure(connection_handle_t handle) { - if (_app_event_handler) { - _app_event_handler->linkKeyFailure(handle); 
- } - } + virtual void security_context_stored(connection_handle_t handle) = 0; - virtual void keypress_notification(connection_handle_t handle, SecurityManager::Keypress_t keypress) { - if (_app_event_handler) { - _app_event_handler->keypressNotification(handle, keypress); - } - } + virtual void passkey_display(connection_handle_t handle, const passkey_t passkey) = 0; - virtual void legacy_pariring_oob_request(connection_handle_t handle) { - if (_app_event_handler) { - _app_event_handler->legacyPairingOobRequest(handle); - } - } + virtual void valid_mic_timeout(connection_handle_t handle) = 0; - virtual void oob_request(connection_handle_t handle) { - if (_app_event_handler) { - _app_event_handler->oobRequest(handle); - } - } - virtual void pin_request(connection_handle_t handle) { + virtual void link_key_failure(connection_handle_t handle) = 0; - if (_app_event_handler) { - _app_event_handler->pinRequest(handle); - } - } - virtual void passkey_request(connection_handle_t handle) { + virtual void keypress_notification(connection_handle_t handle, SecurityManager::Keypress_t keypress) = 0; - if (_app_event_handler) { - _app_event_handler->passkeyRequest(handle); - } - } - virtual void confirmation_request(connection_handle_t handle) { + virtual void legacy_pariring_oob_request(connection_handle_t handle) = 0; - if (_app_event_handler) { - _app_event_handler->confirmationRequest(handle); - } - } - virtual void accept_pairing_request(connection_handle_t handle, - SecurityIOCapabilities_t iocaps, - bool use_oob, - authentication_t authentication, - uint8_t max_key_size, - key_distribution_t initiator_dist, - key_distribution_t responder_dist) { - if (_app_event_handler) { - _app_event_handler->acceptPairingRequest(handle); - } - } + virtual void oob_request(connection_handle_t handle) = 0; - virtual void keys_exchanged(connection_handle_t handle, address_t &peer_address, ediv_t &ediv, - rand_t &rand, ltk_t <k, csrk_t &csrk); - virtual void 
ltk_request(connection_handle_t handle, ediv_t &ediv, rand_t &rand); + virtual void pin_request(connection_handle_t handle) = 0; - virtual void set_app_event_handler(::SecurityManagerEventHandler *app_event_handler) { - _app_event_handler = app_event_handler; - } -private: - ::SecurityManagerEventHandler *_app_event_handler; + virtual void passkey_request(connection_handle_t handle) = 0; + + virtual void confirmation_request(connection_handle_t handle) = 0; + + virtual void accept_pairing_request( + connection_handle_t handle, + SecurityIOCapabilities_t iocaps, + bool use_oob, + authentication_t authentication, + uint8_t max_key_size, + key_distribution_t initiator_dist, + key_distribution_t responder_dist + ) = 0; + + virtual void keys_exchanged( + connection_handle_t handle, + address_t &peer_address, + ediv_t &ediv, + rand_t &rand, + ltk_t <k, + csrk_t &csrk + ) = 0; + + virtual void ltk_request( + connection_handle_t handle, + ediv_t &ediv, + rand_t &rand + ) = 0; }; - +/** + * Adaptation layer of the Security Manager. 
+ */ class SecurityManager : private mbed::NonCopyable { public: SecurityManager() : _pal_event_handler(NULL) { }; + virtual ~SecurityManager() { }; - virtual ble_error_t initialize() { - return BLE_ERROR_NONE; - } - virtual ble_error_t terminate() { - return BLE_ERROR_NONE; - } - virtual ble_error_t reset() { - return BLE_ERROR_NONE; - } + virtual ble_error_t initialize() = 0; + + virtual ble_error_t terminate() = 0; + + virtual ble_error_t reset() = 0; /* persistence */ - virtual ble_error_t get_bonded_list(bonded_list_t &list) { - (void)list; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t add_bonded_list_entry(bonded_list_entry_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t remove_bonded_list_entry(bonded_list_entry_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t clear_bonded_list() { - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t get_bonded_list(bonded_list_t &list) = 0; - virtual ble_error_t get_resolving_list(resolving_list_t &list) { - (void)list; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t add_resolving_list_entry(resolving_list_entry_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t remove_resolving_list_entry(resolving_list_entry_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t clear_resolving_list() { - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t add_bonded_list_entry(bonded_list_entry_t &entry) = 0; - virtual ble_error_t get_whitelist(Gap::Whitelist_t &list) { - (void)list; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t add_whitelist_entry(address_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t remove_whitelist_entry(address_t &entry) { - (void)entry; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t clear_whitelist() { - return BLE_ERROR_NOT_IMPLEMENTED; - } + 
virtual ble_error_t remove_bonded_list_entry(bonded_list_entry_t &entry) = 0; + + virtual ble_error_t clear_bonded_list() = 0; + + virtual ble_error_t get_resolving_list(resolving_list_t &list) = 0; + + virtual ble_error_t add_resolving_list_entry(resolving_list_entry_t &entry) = 0; + + virtual ble_error_t remove_resolving_list_entry(resolving_list_entry_t &entry) = 0; + + virtual ble_error_t clear_resolving_list() = 0; + + virtual ble_error_t get_whitelist(Gap::Whitelist_t &list) = 0; + + virtual ble_error_t add_whitelist_entry(address_t &entry) = 0; + + virtual ble_error_t remove_whitelist_entry(address_t &entry) = 0; + + virtual ble_error_t clear_whitelist() = 0; /* feature support */ - virtual ble_error_t set_secure_connections_support(bool enabled, bool secure_connections_only = false) { - (void)enabled; - (void)secure_connections_only; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t get_secure_connections_support(bool &enabled, bool &secure_connections_only) { - (void)enabled; - (void)secure_connections_only; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_secure_connections_support( + bool enabled, bool secure_connections_only = false + ) = 0; + + virtual ble_error_t get_secure_connections_support( + bool &enabled, bool &secure_connections_only + ) = 0; /* security settings */ - virtual ble_error_t set_pin_code(uint8_t pin_length, uint8_t *pin_code, bool static_pin = false) { - (void)pin_length; - (void)pin_code; - (void)static_pin; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t set_passkey(passkey_num_t passkey) { - (void)passkey; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_pin_code( + uint8_t pin_length, uint8_t *pin_code, bool static_pin = false + ) = 0; - virtual ble_error_t set_authentication_timeout(connection_handle_t, uint16_t timeout_in_10ms) { - (void)timeout_in_10ms; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t get_authentication_timeout(connection_handle_t, 
uint16_t &timeout_in_10ms) { - (void)timeout_in_10ms; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_passkey(passkey_num_t passkey) = 0; + + virtual ble_error_t set_authentication_timeout( + connection_handle_t, uint16_t timeout_in_10ms + ) = 0; + + virtual ble_error_t get_authentication_timeout( + connection_handle_t, uint16_t &timeout_in_10ms + ) = 0; /* encryption */ - virtual ble_error_t enable_encryption(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t enable_encryption(connection_handle_t handle) = 0; - virtual ble_error_t disable_encryption(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t disable_encryption(connection_handle_t handle) = 0; - virtual ble_error_t get_encryption_status(connection_handle_t handle, LinkSecurityStatus_t &status) { - (void)handle; - (void)status; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t get_encryption_status( + connection_handle_t handle, LinkSecurityStatus_t &status + ) = 0; - virtual ble_error_t get_encryption_key_size(connection_handle_t, uint8_t &bitsize) { - (void)bitsize; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t get_encryption_key_size( + connection_handle_t, uint8_t &bitsize + ) = 0; - virtual ble_error_t refresh_encryption_key(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t refresh_encryption_key(connection_handle_t handle) = 0; /* privacy */ - virtual ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds) { - (void)timeout_in_seconds; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds) = 0; /* keys */ - virtual ble_error_t set_ltk(connection_handle_t handle, ltk_t ltk) { - (void)ltk; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_ltk(connection_handle_t handle, ltk_t ltk) = 0; - virtual 
ble_error_t set_irk(irk_t irk) { - (void)irk; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t set_csrk(csrk_t csrk) { - (void)csrk; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t generate_irk() { - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t generate_csrk() { - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t set_irk(irk_t irk) = 0; + + virtual ble_error_t set_csrk(csrk_t csrk) = 0; + + virtual ble_error_t generate_irk() = 0; + + virtual ble_error_t generate_csrk() = 0; /* authentication */ - virtual ble_error_t request_pairing(connection_handle_t handle, - SecurityIOCapabilities_t iocaps, - bool use_oob, - authentication_t authentication, - uint8_t max_key_size, - key_distribution_t initiator_dist, - key_distribution_t responder_dist) { - (void)handle; - (void)iocaps; - (void)use_oob; - (void)authentication; - (void)max_key_size; - (void)initiator_dist; - (void)responder_dist; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t accept_pairing(connection_handle_t handle, - SecurityIOCapabilities_t iocaps, - bool use_oob, - authentication_t authentication, - uint8_t max_key_size, - key_distribution_t initiator_dist, - key_distribution_t responder_dist) { - (void)handle; - (void)iocaps; - (void)use_oob; - (void)authentication; - (void)max_key_size; - (void)initiator_dist; - (void)responder_dist; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t reject_pairing(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t cancel_pairing(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t request_pairing( + connection_handle_t handle, + SecurityIOCapabilities_t iocaps, + bool use_oob, + authentication_t authentication, + uint8_t max_key_size, + key_distribution_t initiator_dist, + key_distribution_t responder_dist + ) = 0; - virtual ble_error_t set_pairing_request_authorisation(bool 
authorisation_required = true) { - (void)authorisation_required; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t accept_pairing( + connection_handle_t handle, + SecurityIOCapabilities_t iocaps, + bool use_oob, + authentication_t authentication, + uint8_t max_key_size, + key_distribution_t initiator_dist, + key_distribution_t responder_dist + ) = 0; - virtual ble_error_t request_authentication(connection_handle_t handle) { - (void)handle; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t reject_pairing(connection_handle_t handle) = 0; + + virtual ble_error_t cancel_pairing(connection_handle_t handle) = 0; + + virtual ble_error_t set_pairing_request_authorisation( + bool authorisation_required = true + ) = 0; + + virtual ble_error_t request_authentication(connection_handle_t handle) = 0; /* MITM */ - virtual ble_error_t confirmation_entered(connection_handle_t handle, bool confirmation) { - (void)handle; - (void)confirmation; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t passkey_entered(connection_handle_t handle, passkey_t passkey) { - (void)handle; - (void)passkey; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t send_keypress_notification(connection_handle_t handle, Keypress_t keypress) { - (void)handle; - (void)keypress; - return BLE_ERROR_NOT_IMPLEMENTED; - } + virtual ble_error_t confirmation_entered( + connection_handle_t handle, bool confirmation + ) = 0; + + virtual ble_error_t passkey_entered( + connection_handle_t handle, passkey_t passkey + ) = 0; + + virtual ble_error_t send_keypress_notification( + connection_handle_t handle, Keypress_t keypress + ) = 0; + + virtual ble_error_t set_oob( + connection_handle_t handle, c192_t& c192, r192_t& r192 + ) = 0; + + virtual ble_error_t set_extended_oob( + connection_handle_t handle, + c192_t& c192, + r192_t& r192, + c256_t& c256, + r256_t& r256 + ) = 0; + + virtual ble_error_t get_local_oob_data( + connection_handle_t handle, c192_t& c192, r192_t& r192 + ) = 
0; + + virtual ble_error_t get_local_extended_oob_data( + connection_handle_t handle, + c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256 + ) = 0; - virtual ble_error_t set_oob(connection_handle_t handle, c192_t& c192, r192_t& r192) { - (void)handle; - (void)c192; - (void)r192; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t set_extended_oob(connection_handle_t handle, - c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256) { - (void)handle; - (void)c192; - (void)r192; - (void)c256; - (void)r256; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t get_local_oob_data(connection_handle_t handle, c192_t& c192, r192_t& r192) { - (void)handle; - (void)c192; - (void)r192; - return BLE_ERROR_NOT_IMPLEMENTED; - } - virtual ble_error_t get_local_extended_oob_data(connection_handle_t handle, - c192_t& c192, r192_t& r192, c256_t& c256, r256_t& r256) { - (void)handle; - (void)c192; - (void)r192; - (void)c256; - (void)r256; - return BLE_ERROR_NOT_IMPLEMENTED; - } /* Entry points for the underlying stack to report events back to the user. */ - public: - SecurityManagerEventHandler& get_event_handler() { - /* guaranteed to be a valid pointer */ - return _pal_event_handler; - } - void set_app_event_handler(::SecurityManagerEventHandler *app_event_handler) { - _pal_event_handler->set_app_event_handler(app_event_handler); - } +public: void set_event_handler(SecurityManagerEventHandler *event_handler) { _pal_event_handler = event_handler; } + +protected: + SecurityManagerEventHandler* get_event_handler() { + return _pal_event_handler; + } + private: SecurityManagerEventHandler *_pal_event_handler; From be664d1c337404bae8f5a8bf75bb11e9e12161da Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Mon, 15 Jan 2018 14:32:12 +0000 Subject: [PATCH 2/4] Remove whitelist management: already present in the gap addaptation layer. --- features/FEATURE_BLE/ble/pal/PalSecurityManager.h | 8 -------- 1 file changed, 8 deletions(-) 
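Review bot: `get_event_handler()` in the new `protected:` section returns a raw pointer that stays NULL until `set_event_handler()` is called, because the constructor initialises `_pal_event_handler(NULL)`. The removed comment promising a valid pointer has no replacement. Derived ports will presumably dispatch pairing, passkey and LTK-request events through this accessor, so an event arriving before registration would dereference NULL. I would document the contract on the accessor, e.g. `/** @return the registered handler, or NULL if set_event_handler() has not been called; check before dispatching. */`. Separately, `SecurityManagerEventHandler` is now a polymorphic interface with no destructor declared, and adding `virtual ~SecurityManagerEventHandler() { }` avoids undefined behaviour if a handler is ever deleted through the base pointer. Both class bodies close outside the hunk.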
diff --git a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h index 5a4e603abb..65c51ca1d1 100644 --- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h +++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h @@ -198,14 +198,6 @@ public: virtual ble_error_t clear_resolving_list() = 0; - virtual ble_error_t get_whitelist(Gap::Whitelist_t &list) = 0; - - virtual ble_error_t add_whitelist_entry(address_t &entry) = 0; - - virtual ble_error_t remove_whitelist_entry(address_t &entry) = 0; - - virtual ble_error_t clear_whitelist() = 0; - /* feature support */ virtual ble_error_t set_secure_connections_support( From 81904fd867bf81f5138875f81cd5bd1fab10e474 Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Mon, 15 Jan 2018 14:36:32 +0000 Subject: [PATCH 3/4] Remove bonded list storage from the adaptation layer. Such processing should be handled at the upper layer. Initiating encryption of a given connection should be made with the start encryption command. This command accepts the parameters Rand, EDIV and LTK. A request of encryption request generate an LTK request event that is forwarded to the upper layer which then reply with the LTK presents in the Security DB or reject the request. --- features/FEATURE_BLE/ble/pal/PalSecurityManager.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h index 65c51ca1d1..46a0279bd2 100644 --- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h +++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h 
@@ -182,14 +182,6 @@ public: /* persistence */ - virtual ble_error_t get_bonded_list(bonded_list_t &list) = 0; - - virtual ble_error_t add_bonded_list_entry(bonded_list_entry_t &entry) = 0; - - virtual ble_error_t remove_bonded_list_entry(bonded_list_entry_t &entry) = 0; - - virtual ble_error_t clear_bonded_list() = 0; - virtual ble_error_t get_resolving_list(resolving_list_t &list) = 0; virtual ble_error_t add_resolving_list_entry(resolving_list_entry_t &entry) = 0; From 03f07bb7ce3a6e36d346360381bce98abe415a8a Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Mon, 15 Jan 2018 15:05:50 +0000 Subject: [PATCH 4/4] Refactor resolving list management. Use address type from gap rather than BLEProtocol::AddressBytes_t . --- .../FEATURE_BLE/ble/pal/PalSecurityManager.h | 107 +++++++++++------- 1 file changed, 66 insertions(+), 41 deletions(-) diff --git a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h index 46a0279bd2..573562b582 100644 --- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h +++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h @@ -23,6 +23,7 @@ #include "ble/SafeEnum.h" #include "ble/BLEProtocol.h" #include "ble/SecurityManager.h" +#include "ble/pal/GapTypes" namespace ble { namespace pal { @@ -41,7 +42,6 @@ typedef SecurityManager::C192_t c192_t; typedef SecurityManager::R192_t r192_t; typedef SecurityManager::C256_t c256_t; typedef SecurityManager::R256_t r256_t; -typedef BLEProtocol::AddressBytes_t address_t; typedef uint8_t irk_t[16]; typedef uint8_t csrk_t[16]; 
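Review bot: The added include `#include "ble/pal/GapTypes"` has no extension, while every neighbouring include in this hunk ends in `.h`. Unless a file with exactly that name exists, the header will not be found; if it follows the naming of the others, the line should presumably be `#include "ble/pal/GapTypes.h"`. This matters for the rest of the patch because a later hunk removes the local `address_t` typedef and relies on this header to supply it.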
@@ -70,34 +70,6 @@ enum AuthenticationFlags_t { AUTHENTICATION_KEYPRESS_NOTIFICATION = 0x10 }; -struct bonded_list_entry_t { - address_t peer_address; - ediv_t ediv; - rand_t rand; - ltk_t ltk; - csrk_t csrk; -}; - -struct resolving_list_entry_t { - address_t peer_address; - irk_t peer_irk; - irk_t local_irk; -}; - -/** Representation of a resolving list. */ -struct resolving_list_t { - resolving_list_entry_t *entries; /**< pointer to array storing the entries */ - uint8_t size; /**< actual number of entries */ - uint8_t capacity; /**< number of entries that can be stored */ -}; - -/** Representation of a bonded list. */ -struct bonded_list_t { - bonded_list_entry_t *entries; /**< pointer to array storing the entries */ - uint8_t size; /**< actual number of entries */ - uint8_t capacity; /**< number of entries that can be stored */ -}; - /** * Handle events generated by ble::pal::SecurityManager */ @@ -151,7 +123,8 @@ public: virtual void keys_exchanged( connection_handle_t handle, - address_t &peer_address, + advertising_peer_address_type_t peer_identity_address_type, + address_t &peer_identity_address, ediv_t &ediv, rand_t &rand, ltk_t <k, 
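Review bot: `keys_exchanged` takes the new `peer_identity_address` by non-const reference, like the neighbouring `ediv`, `rand` and key parameters, so a handler can write into whatever buffer the port passes in. The callback also has no doc comment, although this commit adds Doxygen to the resolving-list functions. Since a handler only needs to read the address, I would declare it `const address_t &peer_identity_address`. I would also add a short Doxygen block stating which device the address type, address and keys belong to, and whether the handler must copy them before returning. The declaration continues past the end of the hunk.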
@@ -174,23 +147,63 @@ public: virtual ~SecurityManager() { }; + //////////////////////////////////////////////////////////////////////////// + // SM lifecycle management + // + virtual ble_error_t initialize() = 0; virtual ble_error_t terminate() = 0; virtual ble_error_t reset() = 0; - /* persistence */ + //////////////////////////////////////////////////////////////////////////// + // Resolving list management + // - virtual ble_error_t get_resolving_list(resolving_list_t &list) = 0; + /** + * Return the number of address translation entries that can be stored by the + * subsystem. + * + * @warning: The number of entries is considered fixed. + * + * see BLUETOOTH SPECIFICATION Version 5.0 | Vol 2, Part E: 7.8.41 + */ + virtual uint8_t read_resolving_list_capacity() = 0; - virtual ble_error_t add_resolving_list_entry(resolving_list_entry_t &entry) = 0; + /** + * Add a device definition into the resolving list of the LE subsystem. + * + * @see BLUETOOTH SPECIFICATION Version 5.0 | Vol 2, Part E: 7.8.38 + */ + virtual ble_error_t add_device_to_resolving_list( + advertising_peer_address_type_t peer_identity_address_type, + address_t peer_identity_address, + irk_t peer_irk, + irk_t local_irk + ) = 0; - virtual ble_error_t remove_resolving_list_entry(resolving_list_entry_t &entry) = 0; + /** + * Add a device definition from the resolving list of the LE subsystem. + * + * @see BLUETOOTH SPECIFICATION Version 5.0 | Vol 2, Part E: 7.8.39 + */ + virtual ble_error_t remove_device_from_resolving_list( + advertising_peer_address_type_t peer_identity_address_type, + address_t peer_identity_address + ) = 0; + + /** + * Remove all devices from the resolving list. 
+ * + * @see BLUETOOTH SPECIFICATION Version 5.0 | Vol 2, Part E: 7.8.40 + */ virtual ble_error_t clear_resolving_list() = 0; - /* feature support */ + //////////////////////////////////////////////////////////////////////////// + // Feature support + // virtual ble_error_t set_secure_connections_support( bool enabled, bool secure_connections_only = false @@ -200,7 +213,9 @@ public: bool &enabled, bool &secure_connections_only ) = 0; - /* security settings */ + //////////////////////////////////////////////////////////////////////////// + // Security settings + // virtual ble_error_t set_pin_code( uint8_t pin_length, uint8_t *pin_code, bool static_pin = false @@ -216,7 +231,9 @@ public: connection_handle_t, uint16_t &timeout_in_10ms ) = 0; - /* encryption */ + //////////////////////////////////////////////////////////////////////////// + // Encryption + // virtual ble_error_t enable_encryption(connection_handle_t handle) = 0; @@ -232,11 +249,15 @@ public: virtual ble_error_t refresh_encryption_key(connection_handle_t handle) = 0; - /* privacy */ + //////////////////////////////////////////////////////////////////////////// + // Privacy + // virtual ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds) = 0; - /* keys */ + //////////////////////////////////////////////////////////////////////////// + // Keys + // virtual ble_error_t set_ltk(connection_handle_t handle, ltk_t ltk) = 0; @@ -248,7 +269,9 @@ public: virtual ble_error_t generate_csrk() = 0; - /* authentication */ + //////////////////////////////////////////////////////////////////////////// + // Authentication + // virtual ble_error_t request_pairing( connection_handle_t handle, @@ -280,7 +303,9 @@ public: virtual ble_error_t request_authentication(connection_handle_t handle) = 0; - /* MITM */ + //////////////////////////////////////////////////////////////////////////// + // MITM + // virtual ble_error_t confirmation_entered( connection_handle_t handle, bool confirmation
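Review bot: `add_device_to_resolving_list` takes `irk_t peer_irk` and `irk_t local_irk` by value, but `irk_t` is `typedef uint8_t irk_t[16]` (visible as context in an earlier hunk), so both parameters decay to a plain `uint8_t *`. The signature then neither enforces the 16-byte length nor marks the key material read-only. Declaring them `const irk_t &peer_irk, const irk_t &local_irk` keeps the array type and turns a wrongly sized buffer into a compile error. The doc comment on `remove_device_from_resolving_list` begins "Add a device definition from the resolving list"; it should read `Remove a device definition from the resolving list of the LE subsystem.` The bare `see` in the `read_resolving_list_capacity` comment should be `@see` like the other three.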