added MITM to user facing security manager api

features/FEATURE_BLE/ble/SecurityManager.h

@@ -86,6 +86,10 @@ public:
      */
     static const unsigned PASSKEY_LEN = 6;
     typedef uint8_t Passkey_t[PASSKEY_LEN];         /**< 6-digit passkey in ASCII ('0'-'9' digits only). */
+    typedef uint8_t c192_t[16];
+    typedef uint8_t r192_t[16];
+    typedef uint8_t c256_t[16];
+    typedef uint8_t r256_t[16];
 
     typedef void (*HandleSpecificEvent_t)(Gap::Handle_t handle);
     typedef void (*SecuritySetupInitiatedCallback_t)(Gap::Handle_t, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps);
@@ -195,7 +199,7 @@ public:
         return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
     }
 
-    virtual ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM) {
+    virtual ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM = false) {
         /* Avoid compiler warnings about unused variables */
         (void) connectionHandle;
         (void) useOOB;
@@ -204,6 +208,69 @@ public:
         return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
     }
 
+    virtual ble_error_t setPinCode(uint8_t pinLength, uint8_t * pinCode, bool isStatic = false) {
+        (void) pinLength;
+        (void) pinCode;
+        (void) isStatic;
+
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+
+    virtual ble_error_t setPasskey(const Passkey_t passkey) {
+        (void) passkey;
+
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+
+    virtual ble_error_t confirmationEntered(Gap::Handle_t handle, bool confirmation) {
+        (void) handle;
+        (void) confirmation;
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+    virtual ble_error_t passkeyEntered(Gap::Handle_t handle, Passkey_t passkey) {
+        (void) handle;
+        (void) passkey;
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+    virtual ble_error_t sendKeypressNotification(Gap::Handle_t handle, Keypress_t keypress) {
+        (void) handle;
+        (void) keypress;
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+    virtual ble_error_t setOob(Gap::Handle_t handle, c192_t* hash192, r192_t* rand192) {
+        (void) handle;
+        (void) hash192;
+        (void) rand192;
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+    virtual ble_error_t setExtendedOob(Gap::Handle_t handle,
+                                       c192_t* hash192, r192_t* rand192,
+                                       c256_t* hash256, r256_t* rand256) {
+        (void) handle;
+        (void) hash192;
+        (void) rand192;
+        (void) hash256;
+        (void) rand256;
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+    virtual ble_error_t getLocalOobData(Gap::Handle_t handle, c192_t* hash192, r192_t* rand192) {
+        (void) handle;
+        (void) hash192;
+        (void) rand192;
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+    virtual ble_error_t getLocalExtendedOobData(Gap::Handle_t handle,
+                                                c192_t* hash192, r192_t* rand192,
+                                                c256_t* hash256, r256_t* rand256) {
+        (void) handle;
+        (void) hash192;
+        (void) rand192;
+        (void) hash256;
+        (void) rand256;
+        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+    }
+
+
     /* Event callback handlers. */
 public:
     /**

features/FEATURE_BLE/ble/pal/PalSm.h

@@ -25,6 +25,11 @@ using SecurityManager::SecurityMode_t;
 using SecurityManager::LinkSecurityStatus_t;
 using SecurityManager::Passkey_t;
 using SecurityManager::Keypress_t;
+using SecurityManager::c192_t;
+using SecurityManager::r192_t;
+using SecurityManager::c256_t;
+using SecurityManager::r256_t;
+using SecurityManager::PasskeyNum_t;
 
 using BLEProtocol::AddressBytes_t;
 using BLEProtocol::Address_t;
@@ -35,11 +40,7 @@ typedef uint8_t csrk_t[16];
 typedef uint8_t ltk_t[16];
 typedef uint8_t ediv_t[8];
 typedef uint8_t rand_t[2];
-typedef uint8_t passkey_t[4];
+typedef uint32_t passkey_num_t;
-typedef uint8_t c192_t[16];
-typedef uint8_t r192_t[16];
-typedef uint8_t c256_t[16];
-typedef uint8_t r256_t[16];
 
 struct bonded_list_entry_t {
     Address_t peer_address;
@@ -72,6 +73,7 @@ struct bonded_list_t {
 class SecurityManager : private mbed::NonCopyable<SecurityManager> {
 public:
     SecurityManager() : _event_handler(NULL) { };
+    virtual ~SecurityManager() { };
 
     virtual ble_error_t initialize() = 0;
     virtual ble_error_t terminate() = 0;
@@ -97,7 +99,8 @@ public:
     virtual ble_error_t set_authentication_timeout(connection_handle_t, uint16_t timeout /*x10 ms*/) = 0;
     virtual ble_error_t get_authentication_timeout(connection_handle_t, uint16_t *timeout /*x10 ms*/) = 0;
 
-    virtual ble_error_t set_pin_code(uint8_t pin_length, uint8_t *pin_code, bool variable_pin = true) = 0;
+    virtual ble_error_t set_pin_code(uint8_t pin_length, uint8_t *pin_code, bool static_pin = false) = 0;
+    virtual ble_error_t set_passkey(passkey_num_t passkey) = 0;
 
     /* feature support */
 
@@ -111,12 +114,12 @@ public:
 
     /* security level */
 
-    virtual ble_error_t set_security_settings(connection_handle_t address,
+    virtual ble_error_t set_security_settings(bool bondable = true,
-                                                   bool bondable = true,
                                               SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
-                                                   bool use_oob = false,
                                               bool send_keypresses = false) = 0;
 
+    virtual ble_error_t set_oob_data_usage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM) = 0;
+
     /* triggers pairing if required */
     virtual ble_error_t set_security_mode(connection_handle_t handle,
                                           SecurityMode_t mode) = 0;
@@ -127,7 +130,7 @@ public:
     /* MITM */
 
     virtual ble_error_t confirmation_entered(connection_handle_t address, bool confirmation) = 0;
-    virtual ble_error_t passkey_entered(connection_handle_t, passkey_t passkey) = 0;
+    virtual ble_error_t passkey_entered(connection_handle_t, PasskeyNum_t passkey) = 0;
     virtual ble_error_t send_keypress_notification(connection_handle_t, Keypress_t keypress) = 0;
 
     virtual ble_error_t set_oob(connection_handle_t handle, c192_t*, r192_t*) = 0;
@@ -153,7 +156,7 @@ private:
 
 };
 
-}
+} /* namespace pal */
-}
+} /* namespace ble */
 
 #endif /* MBED_OS_FEATURES_FEATURE_BLE_BLE_PAL_PALSM_H_ */

features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp

@@ -23,22 +23,20 @@
 namespace ble {
 namespace generic {
 
+static const uint8_t NUMBER_OFFSET = '0';
+
 class GenericSecurityManager : public SecurityManager {
 public:
-    
     virtual ble_error_t init(bool                     enableBonding  = true,
                              bool                     requireMITM    = true,
                              SecurityIOCapabilities_t iocaps         = IO_CAPS_NONE,
                              const Passkey_t          passkey        = NULL) {
-        /* Avoid compiler warnings about unused variables. */
-        (void)enableBonding;
         (void)requireMITM;
-        (void)iocaps;
-        (void)passkey;
-
         loadState();
+        pal.set_security_settings(enableBonding, iocaps);
+        pal.set_passkey(passkey, true);
 
-        return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
+        return BLE_ERROR_NONE;
     }
 
     void saveState() {
@@ -70,13 +68,8 @@ public:
         return pal.get_whitelist(addresses);
     }
 
-    ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM) {
+    ble_error_t setOOBDataUsage(Gap::Handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM = false) {
-        /*
+        return pal.set_oob_data_usage(connectionHandle, useOOB, OOBProvidesMITM);
-        [].useOOB = useOOB;
-        [].OOBProvidesMITM = OOBProvidesMITM;
-        */
-
-        return BLE_ERROR_NONE;
     }
 
     ble_error_t preserveBondingStateOnReset(bool enabled) {
@@ -84,6 +77,18 @@ public:
         return BLE_ERROR_NONE;
     }
 
+    ble_error_t setPinCode(uint8_t pinLength, uint8_t * pinCode, bool isStatic = false) {
+        return pal.set_pin_code(pinLength, pinCode, isStatic);
+    }
+
+    ble_error_t setPasskey(const Passkey_t passkeyASCI, bool isStatic = false) {
+        uint32_t passkey = 0;
+        for (int i = 0, m = 1; i < 6; ++i, m *= 10) {
+            passkey += (passkeyASCI[i] - NUMBER_OFFSET) * m;
+        }
+        return pal.set_passkey(passkey);
+    }
+
 protected:
     GenericSecurityManager(ble::pal::SecurityManager& palImpl) : pal(palImpl), saveStateEnabled(false) {
         eventHandler = new SecurityManagerEventHandler();