Fork of BLE_API by
SecurityManager.h
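/* mbed Microcontroller Library
 * Copyright (c) 2006-2015 ARM Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef __SECURITY_MANAGER_H__
#define __SECURITY_MANAGER_H__

#include <stdint.h>

#include "Gap.h"

/**
 * Platform-independent interface to the BLE stack's Security Manager.
 *
 * The three virtual operations (init(), getLinkSecurity(),
 * purgeAllBondingState()) return BLE_ERROR_NOT_IMPLEMENTED by default and are
 * meant to be overridden by a platform-specific sub-class; the constructor is
 * protected, so the class is only instantiated through such a sub-class.
 *
 * Each event has exactly one callback slot: registering a callback replaces
 * the previous one, and a NULL callback means the event is silently dropped.
 */
class SecurityManager {
public:
    /**
     * Security requirement levels. A value of this type is reported to
     * LinkSecuredCallback_t once a link has been secured.
     */
    enum SecurityMode_t {
        SECURITY_MODE_NO_ACCESS,            /**< Not documented in the original header; by its name, no access is permitted at all -- confirm against the port in use. */
        SECURITY_MODE_ENCRYPTION_OPEN_LINK, /**< require no protection, open link. */
        SECURITY_MODE_ENCRYPTION_NO_MITM,   /**< require encryption, but no MITM protection. */
        SECURITY_MODE_ENCRYPTION_WITH_MITM, /**< require encryption and MITM protection. */
        SECURITY_MODE_SIGNED_NO_MITM,       /**< require signing or encryption, but no MITM protection. */
        SECURITY_MODE_SIGNED_WITH_MITM,     /**< require signing or encryption, and MITM protection. */
    };

    /**
     * @brief Defines possible security status/states.
     *
     * @details Defines possible security status/states of a link when requested by getLinkSecurity().
     *
     * @note These states only describe encryption. They do not say whether
     *       the link was authenticated (MITM-protected); use the
     *       SecurityMode_t value reported through onLinkSecured() to tell an
     *       authenticated link from an unauthenticated one.
     */
    enum LinkSecurityStatus_t {
        NOT_ENCRYPTED,          /**< The link is not secured. */
        ENCRYPTION_IN_PROGRESS, /**< Link security is being established.*/
        ENCRYPTED               /**< The link is encrypted (see the note above: encrypted does not imply authenticated).*/
    };

    /** Input/output capabilities of this device, as passed to init(). */
    enum SecurityIOCapabilities_t {
        IO_CAPS_DISPLAY_ONLY     = 0x00, /**< Display Only. */
        IO_CAPS_DISPLAY_YESNO    = 0x01, /**< Display and Yes/No entry. */
        IO_CAPS_KEYBOARD_ONLY    = 0x02, /**< Keyboard Only. */
        IO_CAPS_NONE             = 0x03, /**< No I/O capabilities. */
        IO_CAPS_KEYBOARD_DISPLAY = 0x04, /**< Keyboard and Display. */
    };

    /**
     * Outcome of a security setup procedure, as reported to
     * SecuritySetupCompletedCallback_t.
     *
     * NOTE(review): the values 0x81-0x8A look like the SMP "Pairing Failed"
     * reason codes offset by 0x80 -- confirm against the underlying stack.
     */
    enum SecurityCompletionStatus_t {
        SEC_STATUS_SUCCESS              = 0x00, /**< Procedure completed with success. */
        SEC_STATUS_TIMEOUT              = 0x01, /**< Procedure timed out. */
        SEC_STATUS_PDU_INVALID          = 0x02, /**< Invalid PDU received. */
        SEC_STATUS_PASSKEY_ENTRY_FAILED = 0x81, /**< Passkey entry failed (user canceled or other). */
        SEC_STATUS_OOB_NOT_AVAILABLE    = 0x82, /**< Out of Band Key not available. */
        SEC_STATUS_AUTH_REQ             = 0x83, /**< Authentication requirements not met. */
        SEC_STATUS_CONFIRM_VALUE        = 0x84, /**< Confirm value failed. */
        SEC_STATUS_PAIRING_NOT_SUPP     = 0x85, /**< Pairing not supported. */
        SEC_STATUS_ENC_KEY_SIZE         = 0x86, /**< Encryption key size. */
        SEC_STATUS_SMP_CMD_UNSUPPORTED  = 0x87, /**< Unsupported SMP command. */
        SEC_STATUS_UNSPECIFIED          = 0x88, /**< Unspecified reason. */
        SEC_STATUS_REPEATED_ATTEMPTS    = 0x89, /**< Too little time elapsed since last attempt. */
        SEC_STATUS_INVALID_PARAMS       = 0x8A, /**< Invalid parameters. */
    };

    /** Number of digits (and bytes) in a passkey. */
    static const unsigned PASSKEY_LEN = 6;

    /**
     * Declaration of type containing a passkey to be used during pairing. This
     * is passed into init() to specify a pre-programmed passkey for
     * authentication instead of generating a random one.
     *
     * The array holds exactly PASSKEY_LEN ASCII digits and therefore has no
     * room for a NUL terminator: never treat it as a C string. As a function
     * parameter the type decays to a pointer, so the callee cannot check the
     * length; callers must always supply PASSKEY_LEN valid bytes.
     */
    typedef uint8_t Passkey_t[PASSKEY_LEN]; /**< 6-digit passkey in ASCII ('0'-'9' digits only). */

public:
    /** Callback taking only the connection handle (used for "security context stored"). */
    typedef void (*HandleSpecificEvent_t)(Gap::Handle_t handle);
    /** Callback reporting that a security procedure has started, with the parameters in effect. */
    typedef void (*SecuritySetupInitiatedCallback_t)(Gap::Handle_t, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps);
    /** Callback reporting the outcome of a security procedure. */
    typedef void (*SecuritySetupCompletedCallback_t)(Gap::Handle_t, SecurityCompletionStatus_t status);
    /** Callback reporting that the link is secured, and at which security mode. */
    typedef void (*LinkSecuredCallback_t)(Gap::Handle_t handle, SecurityMode_t securityMode);
    /**
     * Callback handing the application the passkey to show to the user.
     * The lifetime of the passkey buffer is not established by this header;
     * copy the PASSKEY_LEN bytes if they are needed after the callback returns.
     */
    typedef void (*PasskeyDisplayCallback_t)(Gap::Handle_t handle, const Passkey_t passkey);

    /*
     * The following functions are meant to be overridden in the platform-specific sub-class.
     */
public:
    /**
     * Enable the BLE stack's Security Manager. The Security Manager implements
     * the actual cryptographic algorithms and protocol exchanges that allow two
     * devices to securely exchange data and privately detect each other.
     * Calling this API is a prerequisite for encryption and pairing (bonding).
     *
     * @param[in]  enableBonding Allow for bonding.
     * @param[in]  requireMITM   Require protection for man-in-the-middle attacks.
     * @param[in]  iocaps        To specify IO capabilities of this peripheral,
     *                           such as availability of a display or keyboard
     *                           for showing or entering the passkey during
     *                           pairing.
     * @param[in]  passkey       To specify a static passkey: PASSKEY_LEN ASCII
     *                           digits, or NULL (the default) for none.
     *
     * @return BLE_ERROR_NONE on success. This default implementation always
     *         returns BLE_ERROR_NOT_IMPLEMENTED; callers must check the result
     *         and must not assume that links are protected when it fails.
     *
     * @note The defaults combine requireMITM = true with
     *       iocaps = IO_CAPS_NONE. A device without any input or output
     *       cannot display or enter a passkey, and BLE pairing between such
     *       devices normally falls back to the unauthenticated "Just Works"
     *       method. How a port resolves this combination is not visible in
     *       this header: verify it, and pass the real I/O capabilities of the
     *       product, before relying on MITM protection.
     *
     * @note A static passkey is the same for every pairing attempt, so it
     *       protects far less than a passkey generated at random for each
     *       pairing. If one must be used, provision a different value per
     *       device and do not treat it as a strong secret.
     */
    virtual ble_error_t init(bool                     enableBonding = true,
                             bool                     requireMITM   = true,
                             SecurityIOCapabilities_t iocaps        = IO_CAPS_NONE,
                             const Passkey_t          passkey       = NULL) {
        /* Parameters are unused in the default implementation; the casts keep
         * builds with unused-parameter warnings enabled clean. */
        (void)enableBonding;
        (void)requireMITM;
        (void)iocaps;
        (void)passkey;

        return BLE_ERROR_NOT_IMPLEMENTED; /* default implementation; override this if security is supported. */
    }

    /**
     * Get the security status of a connection.
     *
     * @param[in]  connectionHandle   Handle to identify the connection.
     * @param[out] securityStatusP    security status. The default
     *                                implementation sets it to NOT_ENCRYPTED
     *                                (when the pointer is not NULL) so that a
     *                                caller which ignores the return code
     *                                never reads an indeterminate value and
     *                                never mistakes the link for a secured one.
     *
     * @return BLE_ERROR_NONE on success, or an appropriate error code
     *         indicating the reason for failure (BLE_ERROR_NOT_IMPLEMENTED
     *         from this default implementation).
     */
    virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) {
        (void)connectionHandle;

        /* Fail closed: report "not encrypted" rather than leaving the output untouched. */
        if (securityStatusP != NULL) {
            *securityStatusP = NOT_ENCRYPTED;
        }

        return BLE_ERROR_NOT_IMPLEMENTED; /* default implementation; override this if security is supported. */
    }

    /**
     * Delete all peer device context and all related bonding information from
     * the database within the security manager.
     *
     * @retval BLE_ERROR_NONE             On success, else an error code indicating reason for failure.
     * @retval BLE_ERROR_INVALID_STATE    If the API is called without module initialization and/or
     *                                    application registration.
     *
     * @note Check the return value: with this default implementation
     *       (BLE_ERROR_NOT_IMPLEMENTED) nothing is deleted, so a failed call
     *       must not be reported to the user as a completed wipe of stored
     *       bonds.
     */
    virtual ble_error_t purgeAllBondingState(void) {
        return BLE_ERROR_NOT_IMPLEMENTED; /* default implementation; override this if security is supported. */
    }

    /* Event callback handlers. */
public:
    /**
     * To indicate that security procedure for link has started.
     * Replaces any previously registered callback; NULL disables the event.
     */
    virtual void onSecuritySetupInitiated(SecuritySetupInitiatedCallback_t callback) {securitySetupInitiatedCallback = callback;}

    /**
     * To indicate that security procedure for link has completed.
     * The callback receives a SecurityCompletionStatus_t; only
     * SEC_STATUS_SUCCESS means the procedure succeeded.
     * Replaces any previously registered callback; NULL disables the event.
     */
    virtual void onSecuritySetupCompleted(SecuritySetupCompletedCallback_t callback) {securitySetupCompletedCallback = callback;}

    /**
     * To indicate that link with the peer is secured. For bonded devices,
     * subsequent re-connections with bonded peer will result only in this callback
     * when the link is secured and setup procedures will not occur unless the
     * bonding information is either lost or deleted on either or both sides.
     *
     * The callback receives the SecurityMode_t of the link; applications that
     * need MITM protection should check it rather than assume it.
     * Replaces any previously registered callback; NULL disables the event.
     */
    virtual void onLinkSecured(LinkSecuredCallback_t callback) {linkSecuredCallback = callback;}

    /**
     * To indicate that device context is stored persistently.
     * Replaces any previously registered callback; NULL disables the event.
     */
    virtual void onSecurityContextStored(HandleSpecificEvent_t callback) {securityContextStoredCallback = callback;}

    /**
     * To set the callback for when the passkey needs to be displayed on a peripheral with DISPLAY capability.
     *
     * The passkey authenticates the pairing in progress: show it to the user
     * only, and keep it out of logs and debug traces.
     * Replaces any previously registered callback; NULL disables the event.
     */
    virtual void onPasskeyDisplay(PasskeyDisplayCallback_t callback) {passkeyDisplayCallback = callback;}

    /* Entry points for the underlying stack to report events back to the user. */
public:
    /** Forward a "security setup initiated" event to the registered callback, if any. */
    void processSecuritySetupInitiatedEvent(Gap::Handle_t handle, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps) {
        if (securitySetupInitiatedCallback) {
            securitySetupInitiatedCallback(handle, allowBonding, requireMITM, iocaps);
        }
    }

    /** Forward a "security setup completed" event and its status to the registered callback, if any. */
    void processSecuritySetupCompletedEvent(Gap::Handle_t handle, SecurityCompletionStatus_t status) {
        if (securitySetupCompletedCallback) {
            securitySetupCompletedCallback(handle, status);
        }
    }

    /** Forward a "link secured" event and its security mode to the registered callback, if any. */
    void processLinkSecuredEvent(Gap::Handle_t handle, SecurityMode_t securityMode) {
        if (linkSecuredCallback) {
            linkSecuredCallback(handle, securityMode);
        }
    }

    /** Forward a "security context stored" event to the registered callback, if any. */
    void processSecurityContextStoredEvent(Gap::Handle_t handle) {
        if (securityContextStoredCallback) {
            securityContextStoredCallback(handle);
        }
    }

    /**
     * Forward a passkey to the registered display callback, if any.
     * The pointer is passed through unchanged and is not checked here.
     */
    void processPasskeyDisplayEvent(Gap::Handle_t handle, const Passkey_t passkey) {
        if (passkeyDisplayCallback) {
            passkeyDisplayCallback(handle, passkey);
        }
    }

protected:
    /** Value-initializes every callback slot, i.e. no callback is registered. */
    SecurityManager() :
        securitySetupInitiatedCallback(),
        securitySetupCompletedCallback(),
        linkSecuredCallback(),
        securityContextStoredCallback(),
        passkeyDisplayCallback() {
        /* empty */
    }

protected:
    /* One slot per event; a null slot means "no callback registered". */
    SecuritySetupInitiatedCallback_t securitySetupInitiatedCallback;
    SecuritySetupCompletedCallback_t securitySetupCompletedCallback;
    LinkSecuredCallback_t            linkSecuredCallback;
    HandleSpecificEvent_t            securityContextStoredCallback;
    PasskeyDisplayCallback_t         passkeyDisplayCallback;
};

#endif /*__SECURITY_MANAGER_H__*/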
