Game_Master

Users » WFKnight » Code » Game_Master

mbed-os/features/FEATURE_BLE/ble/SecurityManager.h@0:9b3d4731edbb, 2018-06-21 (annotated)

Committer:: WFKnight
Date:: Thu Jun 21 13:51:43 2018 +0000
Revision:: 0:9b3d4731edbb

UART, RTOS, LED

Who changed what in which revision?

User	Revision	Line number	New contents of line
WFKnight	0:9b3d4731edbb	1	/* mbed Microcontroller Library
WFKnight	0:9b3d4731edbb	2	* Copyright (c) 2006-2015 ARM Limited
WFKnight	0:9b3d4731edbb	3	*
WFKnight	0:9b3d4731edbb	4	* Licensed under the Apache License, Version 2.0 (the "License");
WFKnight	0:9b3d4731edbb	5	* you may not use this file except in compliance with the License.
WFKnight	0:9b3d4731edbb	6	* You may obtain a copy of the License at
WFKnight	0:9b3d4731edbb	7	*
WFKnight	0:9b3d4731edbb	8	* http://www.apache.org/licenses/LICENSE-2.0
WFKnight	0:9b3d4731edbb	9	*
WFKnight	0:9b3d4731edbb	10	* Unless required by applicable law or agreed to in writing, software
WFKnight	0:9b3d4731edbb	11	* distributed under the License is distributed on an "AS IS" BASIS,
WFKnight	0:9b3d4731edbb	12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
WFKnight	0:9b3d4731edbb	13	* See the License for the specific language governing permissions and
WFKnight	0:9b3d4731edbb	14	* limitations under the License.
WFKnight	0:9b3d4731edbb	15	*/
WFKnight	0:9b3d4731edbb	16
WFKnight	0:9b3d4731edbb	17	#ifndef SECURITY_MANAGER_H_
WFKnight	0:9b3d4731edbb	18	#define SECURITY_MANAGER_H_
WFKnight	0:9b3d4731edbb	19
WFKnight	0:9b3d4731edbb	20	#include <stdint.h>
WFKnight	0:9b3d4731edbb	21
WFKnight	0:9b3d4731edbb	22	#include "Gap.h"
WFKnight	0:9b3d4731edbb	23	#include "CallChainOfFunctionPointersWithContext.h"
WFKnight	0:9b3d4731edbb	24	#include "ble/BLETypes.h"
WFKnight	0:9b3d4731edbb	25
WFKnight	0:9b3d4731edbb	26	/**
WFKnight	0:9b3d4731edbb	27	* Overview
WFKnight	0:9b3d4731edbb	28	*
WFKnight	0:9b3d4731edbb	29	* Security Manager is used to provide link security through encryption, signing and authentication
WFKnight	0:9b3d4731edbb	30	* which are made possible by pairing and optionally bonding. Pairing is the process of establishing
WFKnight	0:9b3d4731edbb	31	* and/or exchanging keys used for the current connection. Bonding means saving this information so that
WFKnight	0:9b3d4731edbb	32	* it can later be used after reconnecting without having to pair again. This saves time and power.
WFKnight	0:9b3d4731edbb	33	*
WFKnight	0:9b3d4731edbb	34	* @par Paring
WFKnight	0:9b3d4731edbb	35	*
WFKnight	0:9b3d4731edbb	36	* There are several ways to provide different levels of security during pairing depending on your requirements
WFKnight	0:9b3d4731edbb	37	* and the facilities provided by the application. The process starts with initialising the SecurityManager
WFKnight	0:9b3d4731edbb	38	* with default options for new connections. Some settings can later be changed per link or globally.
WFKnight	0:9b3d4731edbb	39	*
WFKnight	0:9b3d4731edbb	40	* The important settings in the init() function are the MITM requirement and IO capabilities. Man in the
WFKnight	0:9b3d4731edbb	41	* Middle (MITM) protection prevents an attack where one device can impersonate another device by
WFKnight	0:9b3d4731edbb	42	* pairing with both devices at the same time. This protection is achieved by sharing some information
WFKnight	0:9b3d4731edbb	43	* between the devices through some independent channel. The IO capabilities of both devices dictate
WFKnight	0:9b3d4731edbb	44	* what algorithm is used. For details @see BLUETOOTH SPECIFICATION Version 5.0 \| Vol 3, Part H - 2.3.5.1.
WFKnight	0:9b3d4731edbb	45	* You can change the IO capabilities after initialisation with setIoCapability(). This will take effect
WFKnight	0:9b3d4731edbb	46	* for all subsequent pairings.
WFKnight	0:9b3d4731edbb	47	*
WFKnight	0:9b3d4731edbb	48	* @par Out of Band data used in pairing
WFKnight	0:9b3d4731edbb	49	*
WFKnight	0:9b3d4731edbb	50	* Sharing this information through IO capabilities means user interaction which limits the degree of
WFKnight	0:9b3d4731edbb	51	* protection due to the limit of the amount of data that we can expect the user to transfer. Another
WFKnight	0:9b3d4731edbb	52	* solution is using OOB (out of band) communication to transfer this data instead which can send much
WFKnight	0:9b3d4731edbb	53	* more data making MITM attack even less likely to succeed. OOB data has to be exchanged by the application
WFKnight	0:9b3d4731edbb	54	* and provided to the Security Manager. Use setOOBDataUsage() to indicate you want to use it. The same call also
WFKnight	0:9b3d4731edbb	55	* allows you to set whether or not the communication channel you are using to transmit the OOB data is
WFKnight	0:9b3d4731edbb	56	* itself secure against MITM protection - this will set the level of the link security achieved using pairing
WFKnight	0:9b3d4731edbb	57	* that uses this data.
WFKnight	0:9b3d4731edbb	58	*
WFKnight	0:9b3d4731edbb	59	* The most secure pairing is provided by Secure Connections which relies on Elliptical Curve Cryptography.
WFKnight	0:9b3d4731edbb	60	* Support for Secure Connections is dependent on both the stack and controller on both sides supporting
WFKnight	0:9b3d4731edbb	61	* it. If either side doesn't support it Legacy Pairing will be used. This is an older standard of pairing.
WFKnight	0:9b3d4731edbb	62	* If higher security is required legacy pairing can be disabled by calling allowLegacyPairing(false);
WFKnight	0:9b3d4731edbb	63	*
WFKnight	0:9b3d4731edbb	64	* @par Signing
WFKnight	0:9b3d4731edbb	65	*
WFKnight	0:9b3d4731edbb	66	* Applications may require a level of security providing confidence that data transfers are coming
WFKnight	0:9b3d4731edbb	67	* from a trusted source. This can be achieved by encrypting the link which also provides added confidentiality.
WFKnight	0:9b3d4731edbb	68	* Encryption is a good choice when a device stays connected but introduces latency due to the need of encrypting the
WFKnight	0:9b3d4731edbb	69	* link if the device only connects periodically to transfer data. If confidentiality is not required data GATT
WFKnight	0:9b3d4731edbb	70	* server may allow writes to happen over an unencrypted link but authenticated by a signature present in each packet.
WFKnight	0:9b3d4731edbb	71	* This signature relies on having sent a signing key to the peer during pairing prior to sending any signed packets.
WFKnight	0:9b3d4731edbb	72	*
WFKnight	0:9b3d4731edbb	73	* @par Persistence of Security information
WFKnight	0:9b3d4731edbb	74	*
WFKnight	0:9b3d4731edbb	75	* Security Manager stores all the data required for its operation on active links. Depending on resources
WFKnight	0:9b3d4731edbb	76	* available on the device it will also attempt to store data for disconnected devices which have bonded to be
WFKnight	0:9b3d4731edbb	77	* reused when reconnected.
WFKnight	0:9b3d4731edbb	78	*
WFKnight	0:9b3d4731edbb	79	* If the application has initialised a filesystem and the Security Manager has been provided with a
WFKnight	0:9b3d4731edbb	80	* filepath during the init() call it may also provide data persistence across resets. This must be enabled by
WFKnight	0:9b3d4731edbb	81	* calling preserveBondingStateOnReset(). Persistence is not guaranteed and may fail if abnormally terminated.
WFKnight	0:9b3d4731edbb	82	* The Security Manager may also fall back to a non-persistent implementation if the resources are too limited.
WFKnight	0:9b3d4731edbb	83	*
WFKnight	0:9b3d4731edbb	84	* @par How to use
WFKnight	0:9b3d4731edbb	85	*
WFKnight	0:9b3d4731edbb	86	* First thing you need to do is to initialise the manager by calling init() with your chosen settings.
WFKnight	0:9b3d4731edbb	87	*
WFKnight	0:9b3d4731edbb	88	* The SecurityManager communicates with your application through events. These will trigger calls in
WFKnight	0:9b3d4731edbb	89	* the EventHandler which you must provide by calling the setSecurityManagerEventHandler() function.
WFKnight	0:9b3d4731edbb	90	*
WFKnight	0:9b3d4731edbb	91	* The most important process is pairing. This may be triggered manually by calling requestPairing() or
WFKnight	0:9b3d4731edbb	92	* may be called as a result of the application requiring encryption by calling setLinkEncryption() or
WFKnight	0:9b3d4731edbb	93	* as a result of the application requiring MITM protection through requestAuthentication().
WFKnight	0:9b3d4731edbb	94	*
WFKnight	0:9b3d4731edbb	95	* All these can be implicitly called by using setLinkSecurity() to conveniently set the required
WFKnight	0:9b3d4731edbb	96	* security for the link. The SecurityManager will trigger all the process required to achieve the set
WFKnight	0:9b3d4731edbb	97	* security level. Security level can only be escalated. Asking the Security Manager for a lower
WFKnight	0:9b3d4731edbb	98	* security level than the existing one will not fail but will result in a event informing the
WFKnight	0:9b3d4731edbb	99	* application through linkEncryptionResult() of the current level (which remains unchanged).
WFKnight	0:9b3d4731edbb	100	*
WFKnight	0:9b3d4731edbb	101	* Depending on the IO capabilities and OOB usage settings different pairing algorithms will be chosen.
WFKnight	0:9b3d4731edbb	102	* They will produce appropriate events which must be handled by your EventHandler. If your event handler
WFKnight	0:9b3d4731edbb	103	* doesn't support all the calls you must not set IO capabilities or set OOB usage in such a way that would
WFKnight	0:9b3d4731edbb	104	* trigger them or else the pairing will fail (usually by timing out).
WFKnight	0:9b3d4731edbb	105	*
WFKnight	0:9b3d4731edbb	106	* The simplest example is a pairing of a device with no IO capabilities and no OOB data available.
WFKnight	0:9b3d4731edbb	107	* With such limited pairing capabilities the "just works" method will be employed. This does not provide
WFKnight	0:9b3d4731edbb	108	* any MITM protection. The pairing (triggered implicitly or called explicitly) will result in an event
WFKnight	0:9b3d4731edbb	109	* being generated on the peer calling pairingRequest(). The event handler must make a decision (either in
WFKnight	0:9b3d4731edbb	110	* the application itself or based on user interaction) whether to accept the pairing and call
WFKnight	0:9b3d4731edbb	111	* accetPairing() or cancelPairing(). The result will be communicated on both peers through an event calling
WFKnight	0:9b3d4731edbb	112	* pairingResult() in the EventHandler.
WFKnight	0:9b3d4731edbb	113	*
WFKnight	0:9b3d4731edbb	114	* @par Sequence diagrams
WFKnight	0:9b3d4731edbb	115	*
WFKnight	0:9b3d4731edbb	116	* Sequence diagram "Just Works" pairing
WFKnight	0:9b3d4731edbb	117	*
WFKnight	0:9b3d4731edbb	118	* \verbatim
WFKnight	0:9b3d4731edbb	119	* /----------- Device 1 --------------\ ------ BLE link ------ /-------------- Device 2 -------------\
WFKnight	0:9b3d4731edbb	120	*
WFKnight	0:9b3d4731edbb	121	* App EventHandler SecurityManager SecurityManager EventHandler App
WFKnight	0:9b3d4731edbb	122	* \| \| \| \| \| \|
WFKnight	0:9b3d4731edbb	123	* \|---------------------------> requestPairing() \| \| \|
WFKnight	0:9b3d4731edbb	124	* \| \| \|------[pairing start]------>\| \| \|
WFKnight	0:9b3d4731edbb	125	* \| \| \| \|----------------> pairingRequest() ->\|
WFKnight	0:9b3d4731edbb	126	* \| \| \| acceptPairing() <------------------------ \|
WFKnight	0:9b3d4731edbb	127	* \| \| \|<---[pairing complete]----->\| \| \|
WFKnight	0:9b3d4731edbb	128	* \|<- pairingResult() <---------------\| \|----------------> pairingResult() -->\|
WFKnight	0:9b3d4731edbb	129	* \| \| \| \| \| \|
WFKnight	0:9b3d4731edbb	130	* @endverbatim
WFKnight	0:9b3d4731edbb	131	*
WFKnight	0:9b3d4731edbb	132	* @note the requestPairing() call isn't required to trigger pairing. Pairing will also be triggered
WFKnight	0:9b3d4731edbb	133	* if you request encryption and authentication and no bonding information is available. The sequence will
WFKnight	0:9b3d4731edbb	134	* be the same save for the lack of explicit requestPairing() call.
WFKnight	0:9b3d4731edbb	135	*
WFKnight	0:9b3d4731edbb	136	*
WFKnight	0:9b3d4731edbb	137	* Sequence diagram Encryption request when bonding information is available
WFKnight	0:9b3d4731edbb	138	*
WFKnight	0:9b3d4731edbb	139	* \verbatim
WFKnight	0:9b3d4731edbb	140	* /----------- Device 1 --------------\ ------ BLE link ------ /-------------- Device 2 -------------\
WFKnight	0:9b3d4731edbb	141	*
WFKnight	0:9b3d4731edbb	142	* App EventHandler SecurityManager SecurityManager EventHandler App
WFKnight	0:9b3d4731edbb	143	* \| \| \| \| \| \|
WFKnight	0:9b3d4731edbb	144	* \|---------------------------> setLinkEncryption() \| \| \|
WFKnight	0:9b3d4731edbb	145	* \| \| \|<-[encryption established]->\| \| \|
WFKnight	0:9b3d4731edbb	146	* \|<- linkEncryptionResult() <--------\| \|---------> linkEncryptionResult() -->\|
WFKnight	0:9b3d4731edbb	147	* \| \| \| \| \| \|
WFKnight	0:9b3d4731edbb	148	* @endverbatim
WFKnight	0:9b3d4731edbb	149	*
WFKnight	0:9b3d4731edbb	150	* @note if bonding information is not available, pairing will be triggered
WFKnight	0:9b3d4731edbb	151	*
WFKnight	0:9b3d4731edbb	152	*
WFKnight	0:9b3d4731edbb	153	* Sequence diagram for Secure Connections passkey entry pairing with one device having a display only
WFKnight	0:9b3d4731edbb	154	* and other a keyboard
WFKnight	0:9b3d4731edbb	155	*
WFKnight	0:9b3d4731edbb	156	* \verbatim
WFKnight	0:9b3d4731edbb	157	* /----------- Device 1 (keyboard) ---\ ------ BLE link ------ /-------------- Device 2 (display) ---\
WFKnight	0:9b3d4731edbb	158	*
WFKnight	0:9b3d4731edbb	159	* App EventHandler SecurityManager SecurityManager EventHandler App
WFKnight	0:9b3d4731edbb	160	* \| \| \| \| \| \|
WFKnight	0:9b3d4731edbb	161	* \|---------------------------> requestPairing() \| \| \|
WFKnight	0:9b3d4731edbb	162	* \| \| \|------[pairing start]------>\| \| \|
WFKnight	0:9b3d4731edbb	163	* \| \| \| \|----------------> pairingRequest() ->\|
WFKnight	0:9b3d4731edbb	164	* \| \| \| acceptPairing() <------------------------ \|
WFKnight	0:9b3d4731edbb	165	* \| \| \|<---[secure con. pairing]-->\| \| \|
WFKnight	0:9b3d4731edbb	166	* \|<- passkeyRequest() <--------------\| \|----------------> passkeyDisplay() ->\|
WFKnight	0:9b3d4731edbb	167	* \| \| \| \| \| \|
WFKnight	0:9b3d4731edbb	168	*
WFKnight	0:9b3d4731edbb	169	* user reads the passkey on Device 2 and inputs it on Device 1
WFKnight	0:9b3d4731edbb	170	*
WFKnight	0:9b3d4731edbb	171	* \| \| \| \| \| \|
WFKnight	0:9b3d4731edbb	172	* \|-------------------------->passkeyEntered() \| \| \|
WFKnight	0:9b3d4731edbb	173	* \| \| \|<---[pairing complete]----->\| \| \|
WFKnight	0:9b3d4731edbb	174	* \|<- pairingResult() <---------------\| \|----------------> pairingResult() -->\|
WFKnight	0:9b3d4731edbb	175	* \| \| \| \| \| \|
WFKnight	0:9b3d4731edbb	176	* @endverbatim
WFKnight	0:9b3d4731edbb	177	*
WFKnight	0:9b3d4731edbb	178	*/
WFKnight	0:9b3d4731edbb	179
WFKnight	0:9b3d4731edbb	180	class SecurityManager {
WFKnight	0:9b3d4731edbb	181	public:
WFKnight	0:9b3d4731edbb	182	/** events sent and received when passkey is being entered */
WFKnight	0:9b3d4731edbb	183	enum Keypress_t {
WFKnight	0:9b3d4731edbb	184	KEYPRESS_STARTED, /*< Passkey entry started /
WFKnight	0:9b3d4731edbb	185	KEYPRESS_ENTERED, /*< Passkey digit entered /
WFKnight	0:9b3d4731edbb	186	KEYPRESS_ERASED, /*< Passkey digit erased /
WFKnight	0:9b3d4731edbb	187	KEYPRESS_CLEARED, /*< Passkey cleared /
WFKnight	0:9b3d4731edbb	188	KEYPRESS_COMPLETED, /*< Passkey entry completed /
WFKnight	0:9b3d4731edbb	189	};
WFKnight	0:9b3d4731edbb	190
WFKnight	0:9b3d4731edbb	191	/** level of security required from the link by the application */
WFKnight	0:9b3d4731edbb	192	enum SecurityMode_t {
WFKnight	0:9b3d4731edbb	193	SECURITY_MODE_NO_ACCESS,
WFKnight	0:9b3d4731edbb	194	SECURITY_MODE_ENCRYPTION_OPEN_LINK, /*< Require no protection, open link. /
WFKnight	0:9b3d4731edbb	195	SECURITY_MODE_ENCRYPTION_NO_MITM, /*< Require encryption, but no MITM protection. /
WFKnight	0:9b3d4731edbb	196	SECURITY_MODE_ENCRYPTION_WITH_MITM, /*< Require encryption and MITM protection. /
WFKnight	0:9b3d4731edbb	197	SECURITY_MODE_SIGNED_NO_MITM, /*< Require signing or encryption, but no MITM protection. /
WFKnight	0:9b3d4731edbb	198	SECURITY_MODE_SIGNED_WITH_MITM, /*< Require signing or encryption, and MITM protection. /
WFKnight	0:9b3d4731edbb	199	};
WFKnight	0:9b3d4731edbb	200
WFKnight	0:9b3d4731edbb	201	/**
WFKnight	0:9b3d4731edbb	202	* @brief Defines possible security status or states.
WFKnight	0:9b3d4731edbb	203	*
WFKnight	0:9b3d4731edbb	204	* @details Defines possible security status or states of a link when requested by getLinkSecurity().
WFKnight	0:9b3d4731edbb	205	*/
WFKnight	0:9b3d4731edbb	206	enum LinkSecurityStatus_t {
WFKnight	0:9b3d4731edbb	207	NOT_ENCRYPTED, /*< The link is not secured. /
WFKnight	0:9b3d4731edbb	208	ENCRYPTION_IN_PROGRESS, /*< Link security is being established./
WFKnight	0:9b3d4731edbb	209	ENCRYPTED /*< The link is secure./
WFKnight	0:9b3d4731edbb	210	};
WFKnight	0:9b3d4731edbb	211
WFKnight	0:9b3d4731edbb	212	/** Input/output capability of the device and application */
WFKnight	0:9b3d4731edbb	213	enum SecurityIOCapabilities_t {
WFKnight	0:9b3d4731edbb	214	IO_CAPS_DISPLAY_ONLY = 0x00, /*< Display only. /
WFKnight	0:9b3d4731edbb	215	IO_CAPS_DISPLAY_YESNO = 0x01, /*< Display and yes/no entry. /
WFKnight	0:9b3d4731edbb	216	IO_CAPS_KEYBOARD_ONLY = 0x02, /*< Keyboard only. /
WFKnight	0:9b3d4731edbb	217	IO_CAPS_NONE = 0x03, /*< No I/O capabilities. /
WFKnight	0:9b3d4731edbb	218	IO_CAPS_KEYBOARD_DISPLAY = 0x04, /*< Keyboard and display. /
WFKnight	0:9b3d4731edbb	219	};
WFKnight	0:9b3d4731edbb	220
WFKnight	0:9b3d4731edbb	221	/** Result of security requests */
WFKnight	0:9b3d4731edbb	222	enum SecurityCompletionStatus_t {
WFKnight	0:9b3d4731edbb	223	SEC_STATUS_SUCCESS = 0x00, /*< Procedure completed with success. /
WFKnight	0:9b3d4731edbb	224	SEC_STATUS_TIMEOUT = 0x01, /*< Procedure timed out. /
WFKnight	0:9b3d4731edbb	225	SEC_STATUS_PDU_INVALID = 0x02, /*< Invalid PDU received. /
WFKnight	0:9b3d4731edbb	226	SEC_STATUS_PASSKEY_ENTRY_FAILED = 0x81, /*< Passkey entry failed (user cancelled or other). /
WFKnight	0:9b3d4731edbb	227	SEC_STATUS_OOB_NOT_AVAILABLE = 0x82, /*< Out of Band Key not available. /
WFKnight	0:9b3d4731edbb	228	SEC_STATUS_AUTH_REQ = 0x83, /*< Authentication requirements not met. /
WFKnight	0:9b3d4731edbb	229	SEC_STATUS_CONFIRM_VALUE = 0x84, /*< Confirm value failed. /
WFKnight	0:9b3d4731edbb	230	SEC_STATUS_PAIRING_NOT_SUPP = 0x85, /*< Pairing not supported. /
WFKnight	0:9b3d4731edbb	231	SEC_STATUS_ENC_KEY_SIZE = 0x86, /*< Encryption key size. /
WFKnight	0:9b3d4731edbb	232	SEC_STATUS_SMP_CMD_UNSUPPORTED = 0x87, /*< Unsupported SMP command. /
WFKnight	0:9b3d4731edbb	233	SEC_STATUS_UNSPECIFIED = 0x88, /*< Unspecified reason. /
WFKnight	0:9b3d4731edbb	234	SEC_STATUS_REPEATED_ATTEMPTS = 0x89, /*< Too little time elapsed since last attempt. /
WFKnight	0:9b3d4731edbb	235	SEC_STATUS_INVALID_PARAMS = 0x8A, /*< Invalid parameters. /
WFKnight	0:9b3d4731edbb	236	SEC_STATUS_DHKEY_CHECK_FAILED = 0x8B, /*< DHKey received doesn’t match locally calculated one. /
WFKnight	0:9b3d4731edbb	237	SEC_STATUS_COMPARISON_FAILED = 0x8C, /*< Values in the numeric comparison protocol do not match. /
WFKnight	0:9b3d4731edbb	238	};
WFKnight	0:9b3d4731edbb	239
WFKnight	0:9b3d4731edbb	240	/**
WFKnight	0:9b3d4731edbb	241	* Declaration of type containing a passkey to be used during pairing. This
WFKnight	0:9b3d4731edbb	242	* is passed into initializeSecurity() to specify a pre-programmed passkey
WFKnight	0:9b3d4731edbb	243	* for authentication instead of generating a random one.
WFKnight	0:9b3d4731edbb	244	*/
WFKnight	0:9b3d4731edbb	245	static const unsigned PASSKEY_LEN = 6;
WFKnight	0:9b3d4731edbb	246	typedef uint8_t Passkey_t[PASSKEY_LEN]; /*< 6-digit passkey in ASCII ('0'-'9' digits only). /
WFKnight	0:9b3d4731edbb	247
WFKnight	0:9b3d4731edbb	248	typedef FunctionPointerWithContext<const SecurityManager *> SecurityManagerShutdownCallback_t;
WFKnight	0:9b3d4731edbb	249	typedef CallChainOfFunctionPointersWithContext<const SecurityManager *> SecurityManagerShutdownCallbackChain_t;
WFKnight	0:9b3d4731edbb	250
WFKnight	0:9b3d4731edbb	251	/* legacy callbacks, please use SecurityManagerEventHandler instead */
WFKnight	0:9b3d4731edbb	252	typedef void (*HandleSpecificEvent_t)(ble::connection_handle_t connectionHandle);
WFKnight	0:9b3d4731edbb	253	typedef void (*SecuritySetupInitiatedCallback_t)(ble::connection_handle_t, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps);
WFKnight	0:9b3d4731edbb	254	typedef void (*SecuritySetupCompletedCallback_t)(ble::connection_handle_t, SecurityCompletionStatus_t status);
WFKnight	0:9b3d4731edbb	255	typedef void (*LinkSecuredCallback_t)(ble::connection_handle_t connectionHandle, SecurityMode_t securityMode);
WFKnight	0:9b3d4731edbb	256	typedef void (*PasskeyDisplayCallback_t)(ble::connection_handle_t connectionHandle, const Passkey_t passkey);
WFKnight	0:9b3d4731edbb	257
WFKnight	0:9b3d4731edbb	258	/** The stack will use these functions to signal events to the application,
WFKnight	0:9b3d4731edbb	259	* subclass to override handlers. Use SecurityManager::setSecurityManagerEventHandler
WFKnight	0:9b3d4731edbb	260	* to set the interface implementation to be used. */
WFKnight	0:9b3d4731edbb	261	class EventHandler {
WFKnight	0:9b3d4731edbb	262	public:
WFKnight	0:9b3d4731edbb	263	EventHandler() {};
WFKnight	0:9b3d4731edbb	264	virtual ~EventHandler() {};
WFKnight	0:9b3d4731edbb	265
WFKnight	0:9b3d4731edbb	266	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	267	// Pairing
WFKnight	0:9b3d4731edbb	268	//
WFKnight	0:9b3d4731edbb	269
WFKnight	0:9b3d4731edbb	270	/**
WFKnight	0:9b3d4731edbb	271	* Request application to accept or reject pairing. Application should respond by
WFKnight	0:9b3d4731edbb	272	* calling the appropriate function: acceptPairingRequest or cancelPairingRequest
WFKnight	0:9b3d4731edbb	273	*
WFKnight	0:9b3d4731edbb	274	* @param[in] connectionHandle connection connectionHandle
WFKnight	0:9b3d4731edbb	275	*/
WFKnight	0:9b3d4731edbb	276	virtual void pairingRequest(ble::connection_handle_t connectionHandle) {
WFKnight	0:9b3d4731edbb	277	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	278	}
WFKnight	0:9b3d4731edbb	279
WFKnight	0:9b3d4731edbb	280	/**
WFKnight	0:9b3d4731edbb	281	* Indicate to the application that pairing has completed.
WFKnight	0:9b3d4731edbb	282	*
WFKnight	0:9b3d4731edbb	283	* @param[in] connectionHandle connection connectionHandle
WFKnight	0:9b3d4731edbb	284	* @param[in] result result of the pairing indicating success or reason for failure
WFKnight	0:9b3d4731edbb	285	*/
WFKnight	0:9b3d4731edbb	286	virtual void pairingResult(ble::connection_handle_t connectionHandle, SecurityCompletionStatus_t result) {
WFKnight	0:9b3d4731edbb	287	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	288	(void)result;
WFKnight	0:9b3d4731edbb	289	}
WFKnight	0:9b3d4731edbb	290
WFKnight	0:9b3d4731edbb	291	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	292	// Security
WFKnight	0:9b3d4731edbb	293	//
WFKnight	0:9b3d4731edbb	294
WFKnight	0:9b3d4731edbb	295	/**
WFKnight	0:9b3d4731edbb	296	* Deliver the requested whitelist to the application.
WFKnight	0:9b3d4731edbb	297	*
WFKnight	0:9b3d4731edbb	298	* @param[in] whitelist pointer to the whitelist filled with entries based on bonding information
WFKnight	0:9b3d4731edbb	299	*/
WFKnight	0:9b3d4731edbb	300	virtual void whitelistFromBondTable(Gap::Whitelist_t* whitelist) {
WFKnight	0:9b3d4731edbb	301	(void)whitelist;
WFKnight	0:9b3d4731edbb	302	}
WFKnight	0:9b3d4731edbb	303
WFKnight	0:9b3d4731edbb	304	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	305	// Encryption
WFKnight	0:9b3d4731edbb	306	//
WFKnight	0:9b3d4731edbb	307
WFKnight	0:9b3d4731edbb	308	/**
WFKnight	0:9b3d4731edbb	309	* Inform the device of the encryption state of a given link.
WFKnight	0:9b3d4731edbb	310	*
WFKnight	0:9b3d4731edbb	311	* @param[in] connectionHandle connection connectionHandle
WFKnight	0:9b3d4731edbb	312	* @param[in] result encryption state of the link
WFKnight	0:9b3d4731edbb	313	*/
WFKnight	0:9b3d4731edbb	314	virtual void linkEncryptionResult(ble::connection_handle_t connectionHandle, ble::link_encryption_t result) {
WFKnight	0:9b3d4731edbb	315	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	316	(void)result;
WFKnight	0:9b3d4731edbb	317	}
WFKnight	0:9b3d4731edbb	318
WFKnight	0:9b3d4731edbb	319	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	320	// MITM
WFKnight	0:9b3d4731edbb	321	//
WFKnight	0:9b3d4731edbb	322
WFKnight	0:9b3d4731edbb	323	/**
WFKnight	0:9b3d4731edbb	324	* Display the given passkey on the local device.
WFKnight	0:9b3d4731edbb	325	*
WFKnight	0:9b3d4731edbb	326	* @param[in] connectionHandle connection connectionHandle
WFKnight	0:9b3d4731edbb	327	* @param[in] passkey 6 digit passkey to be displayed
WFKnight	0:9b3d4731edbb	328	*/
WFKnight	0:9b3d4731edbb	329	virtual void passkeyDisplay(ble::connection_handle_t connectionHandle, const SecurityManager::Passkey_t passkey) {
WFKnight	0:9b3d4731edbb	330	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	331	(void)passkey;
WFKnight	0:9b3d4731edbb	332	}
WFKnight	0:9b3d4731edbb	333
WFKnight	0:9b3d4731edbb	334	/**
WFKnight	0:9b3d4731edbb	335	* Indicate to the application that a confirmation is required. This is used
WFKnight	0:9b3d4731edbb	336	* when the device does not have a keyboard but has a yes/no button. The device
WFKnight	0:9b3d4731edbb	337	* displays numbers on its display in response to passkeyDisplay and the user
WFKnight	0:9b3d4731edbb	338	* checks if they are the same on both devices. The application should proceed
WFKnight	0:9b3d4731edbb	339	* by supplying the confirmation using the confirmationEntered function.
WFKnight	0:9b3d4731edbb	340	*
WFKnight	0:9b3d4731edbb	341	* @param[in] connectionHandle connection connectionHandle
WFKnight	0:9b3d4731edbb	342	*/
WFKnight	0:9b3d4731edbb	343	virtual void confirmationRequest(ble::connection_handle_t connectionHandle) {
WFKnight	0:9b3d4731edbb	344	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	345	}
WFKnight	0:9b3d4731edbb	346
WFKnight	0:9b3d4731edbb	347	/**
WFKnight	0:9b3d4731edbb	348	* Indicate to the application that a passkey is required. The application should
WFKnight	0:9b3d4731edbb	349	* proceed by supplying the passkey through the passkeyEntered function.
WFKnight	0:9b3d4731edbb	350	*
WFKnight	0:9b3d4731edbb	351	* @param[in] connectionHandle connection connectionHandle
WFKnight	0:9b3d4731edbb	352	*/
WFKnight	0:9b3d4731edbb	353	virtual void passkeyRequest(ble::connection_handle_t connectionHandle) {
WFKnight	0:9b3d4731edbb	354	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	355	}
WFKnight	0:9b3d4731edbb	356
WFKnight	0:9b3d4731edbb	357	/**
WFKnight	0:9b3d4731edbb	358	* Notify the application that a key was pressed by the peer during passkey entry.
WFKnight	0:9b3d4731edbb	359	*
WFKnight	0:9b3d4731edbb	360	* @param[in] connectionHandle connection connectionHandle
WFKnight	0:9b3d4731edbb	361	* @param[in] keypress type of keypress event
WFKnight	0:9b3d4731edbb	362	*/
WFKnight	0:9b3d4731edbb	363	virtual void keypressNotification(ble::connection_handle_t connectionHandle, SecurityManager::Keypress_t keypress) {
WFKnight	0:9b3d4731edbb	364	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	365	(void)keypress;
WFKnight	0:9b3d4731edbb	366	}
WFKnight	0:9b3d4731edbb	367
WFKnight	0:9b3d4731edbb	368	/**
WFKnight	0:9b3d4731edbb	369	* Indicate to the application it needs to return legacy pairing OOB to the stack.
WFKnight	0:9b3d4731edbb	370	*
WFKnight	0:9b3d4731edbb	371	* @param[in] connectionHandle connection connectionHandle
WFKnight	0:9b3d4731edbb	372	*/
WFKnight	0:9b3d4731edbb	373	virtual void legacyPairingOobRequest(ble::connection_handle_t connectionHandle) {
WFKnight	0:9b3d4731edbb	374	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	375	}
WFKnight	0:9b3d4731edbb	376
WFKnight	0:9b3d4731edbb	377	/**
WFKnight	0:9b3d4731edbb	378	* Indicate that the application needs to send legacy pairing OOB data to the peer.
WFKnight	0:9b3d4731edbb	379	*
WFKnight	0:9b3d4731edbb	380	* @param[in] address address that will be used in the pairing
WFKnight	0:9b3d4731edbb	381	* @param[in] temporaryKey temporary key to be used in legacy pairing
WFKnight	0:9b3d4731edbb	382	*/
WFKnight	0:9b3d4731edbb	383	virtual void legacyPairingOobGenerated(const ble::address_t *address,
WFKnight	0:9b3d4731edbb	384	const ble::oob_tk_t *temporaryKey) {
WFKnight	0:9b3d4731edbb	385	(void)address;
WFKnight	0:9b3d4731edbb	386	(void)temporaryKey;
WFKnight	0:9b3d4731edbb	387	}
WFKnight	0:9b3d4731edbb	388
WFKnight	0:9b3d4731edbb	389	/**
WFKnight	0:9b3d4731edbb	390	* Indicate that the application needs to send secure connections OOB data to the peer.
WFKnight	0:9b3d4731edbb	391	*
WFKnight	0:9b3d4731edbb	392	* @param[in] address address that will be used in the pairing
WFKnight	0:9b3d4731edbb	393	* @param[in] random random number used to generate the confirmation
WFKnight	0:9b3d4731edbb	394	* @param[in] confirm confirmation value to be use for authentication
WFKnight	0:9b3d4731edbb	395	* in secure connections pairing
WFKnight	0:9b3d4731edbb	396	*/
WFKnight	0:9b3d4731edbb	397	virtual void oobGenerated(const ble::address_t *address,
WFKnight	0:9b3d4731edbb	398	const ble::oob_lesc_value_t *random,
WFKnight	0:9b3d4731edbb	399	const ble::oob_confirm_t *confirm) {
WFKnight	0:9b3d4731edbb	400	(void)address;
WFKnight	0:9b3d4731edbb	401	(void)random;
WFKnight	0:9b3d4731edbb	402	(void)confirm;
WFKnight	0:9b3d4731edbb	403	}
WFKnight	0:9b3d4731edbb	404
WFKnight	0:9b3d4731edbb	405	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	406	// Keys
WFKnight	0:9b3d4731edbb	407	//
WFKnight	0:9b3d4731edbb	408
WFKnight	0:9b3d4731edbb	409	/**
WFKnight	0:9b3d4731edbb	410	* Deliver the signing key to the application.
WFKnight	0:9b3d4731edbb	411	*
WFKnight	0:9b3d4731edbb	412	* @param[in] connectionHandle connection connectionHandle
WFKnight	0:9b3d4731edbb	413	* @param[in] csrk signing key, pointer only valid during call
WFKnight	0:9b3d4731edbb	414	* @param[in] authenticated indicates if the signing key is authenticated
WFKnight	0:9b3d4731edbb	415	*/
WFKnight	0:9b3d4731edbb	416	virtual void signingKey(ble::connection_handle_t connectionHandle, const ble::csrk_t *csrk, bool authenticated) {
WFKnight	0:9b3d4731edbb	417	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	418	(void)csrk;
WFKnight	0:9b3d4731edbb	419	(void)authenticated;
WFKnight	0:9b3d4731edbb	420	}
WFKnight	0:9b3d4731edbb	421	};
WFKnight	0:9b3d4731edbb	422
WFKnight	0:9b3d4731edbb	423	/*
WFKnight	0:9b3d4731edbb	424	* The following functions are meant to be overridden in the platform-specific sub-class.
WFKnight	0:9b3d4731edbb	425	*/
WFKnight	0:9b3d4731edbb	426	public:
WFKnight	0:9b3d4731edbb	427	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	428	// SM lifecycle management
WFKnight	0:9b3d4731edbb	429	//
WFKnight	0:9b3d4731edbb	430
WFKnight	0:9b3d4731edbb	431	/**
WFKnight	0:9b3d4731edbb	432	* Enable the BLE stack's Security Manager. The Security Manager implements
WFKnight	0:9b3d4731edbb	433	* the actual cryptographic algorithms and protocol exchanges that allow two
WFKnight	0:9b3d4731edbb	434	* devices to securely exchange data and privately detect each other.
WFKnight	0:9b3d4731edbb	435	* Calling this API is a prerequisite for encryption and pairing (bonding).
WFKnight	0:9b3d4731edbb	436	*
WFKnight	0:9b3d4731edbb	437	* @param[in] enableBonding Allow for bonding.
WFKnight	0:9b3d4731edbb	438	* @param[in] requireMITM Require protection for man-in-the-middle attacks.
WFKnight	0:9b3d4731edbb	439	* @param[in] iocaps To specify the I/O capabilities of this peripheral,
WFKnight	0:9b3d4731edbb	440	* such as availability of a display or keyboard, to
WFKnight	0:9b3d4731edbb	441	* support out-of-band exchanges of security data.
WFKnight	0:9b3d4731edbb	442	* @param[in] passkey To specify a static passkey.
WFKnight	0:9b3d4731edbb	443	* @param[in] signing Generate and distribute signing key during pairing
WFKnight	0:9b3d4731edbb	444	* @param[in] dbFilepath Path to the file used to store keys in the filesystem,
WFKnight	0:9b3d4731edbb	445	* if NULL keys will be only stored in memory
WFKnight	0:9b3d4731edbb	446	*
WFKnight	0:9b3d4731edbb	447	*
WFKnight	0:9b3d4731edbb	448	* @return BLE_ERROR_NONE on success.
WFKnight	0:9b3d4731edbb	449	*/
WFKnight	0:9b3d4731edbb	450	virtual ble_error_t init(bool enableBonding = true,
WFKnight	0:9b3d4731edbb	451	bool requireMITM = true,
WFKnight	0:9b3d4731edbb	452	SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
WFKnight	0:9b3d4731edbb	453	const Passkey_t passkey = NULL,
WFKnight	0:9b3d4731edbb	454	bool signing = true,
WFKnight	0:9b3d4731edbb	455	const char *dbFilepath = NULL) {
WFKnight	0:9b3d4731edbb	456	/* Avoid compiler warnings about unused variables. */
WFKnight	0:9b3d4731edbb	457	(void)enableBonding;
WFKnight	0:9b3d4731edbb	458	(void)requireMITM;
WFKnight	0:9b3d4731edbb	459	(void)iocaps;
WFKnight	0:9b3d4731edbb	460	(void)passkey;
WFKnight	0:9b3d4731edbb	461	(void)dbFilepath;
WFKnight	0:9b3d4731edbb	462
WFKnight	0:9b3d4731edbb	463	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	464	}
WFKnight	0:9b3d4731edbb	465
WFKnight	0:9b3d4731edbb	466	/**
WFKnight	0:9b3d4731edbb	467	* Change the file used for the security database. If path is invalid or a NULL is passed
WFKnight	0:9b3d4731edbb	468	* keys will only be stored in memory.
WFKnight	0:9b3d4731edbb	469	*
WFKnight	0:9b3d4731edbb	470	* @note This operation is only allowed with no active connections.
WFKnight	0:9b3d4731edbb	471	*
WFKnight	0:9b3d4731edbb	472	* @param[in] dbFilepath Path to the file used to store keys in the filesystem,
WFKnight	0:9b3d4731edbb	473	* if NULL keys will be only stored in memory
WFKnight	0:9b3d4731edbb	474	*
WFKnight	0:9b3d4731edbb	475	* @return BLE_ERROR_NONE on success.
WFKnight	0:9b3d4731edbb	476	*/
WFKnight	0:9b3d4731edbb	477	virtual ble_error_t setDatabaseFilepath(const char *dbFilepath = NULL) {
WFKnight	0:9b3d4731edbb	478	(void)dbFilepath;
WFKnight	0:9b3d4731edbb	479	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	480	}
WFKnight	0:9b3d4731edbb	481
WFKnight	0:9b3d4731edbb	482	/**
WFKnight	0:9b3d4731edbb	483	* Notify all registered onShutdown callbacks that the SecurityManager is
WFKnight	0:9b3d4731edbb	484	* about to be shutdown and clear all SecurityManager state of the
WFKnight	0:9b3d4731edbb	485	* associated object.
WFKnight	0:9b3d4731edbb	486	*
WFKnight	0:9b3d4731edbb	487	* This function is meant to be overridden in the platform-specific
WFKnight	0:9b3d4731edbb	488	* sub-class. Nevertheless, the sub-class is only expected to reset its
WFKnight	0:9b3d4731edbb	489	* state and not the data held in SecurityManager members. This shall be
WFKnight	0:9b3d4731edbb	490	* achieved by a call to SecurityManager::reset() from the sub-class'
WFKnight	0:9b3d4731edbb	491	* reset() implementation.
WFKnight	0:9b3d4731edbb	492	*
WFKnight	0:9b3d4731edbb	493	* @return BLE_ERROR_NONE on success.
WFKnight	0:9b3d4731edbb	494	*/
WFKnight	0:9b3d4731edbb	495	virtual ble_error_t reset(void) {
WFKnight	0:9b3d4731edbb	496	/* Notify that the instance is about to shutdown */
WFKnight	0:9b3d4731edbb	497	shutdownCallChain.call(this);
WFKnight	0:9b3d4731edbb	498	shutdownCallChain.clear();
WFKnight	0:9b3d4731edbb	499	eventHandler = &defaultEventHandler;
WFKnight	0:9b3d4731edbb	500
WFKnight	0:9b3d4731edbb	501	return BLE_ERROR_NONE;
WFKnight	0:9b3d4731edbb	502	}
WFKnight	0:9b3d4731edbb	503
WFKnight	0:9b3d4731edbb	504	/**
WFKnight	0:9b3d4731edbb	505	* Normally all bonding information is lost when device is reset, this requests that the stack
WFKnight	0:9b3d4731edbb	506	* attempts to save the information and reload it during initialisation. This is not guaranteed.
WFKnight	0:9b3d4731edbb	507	*
WFKnight	0:9b3d4731edbb	508	* @param[in] enable if true the stack will attempt to preserve bonding information on reset.
WFKnight	0:9b3d4731edbb	509	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	510	*/
WFKnight	0:9b3d4731edbb	511	virtual ble_error_t preserveBondingStateOnReset(bool enable) {
WFKnight	0:9b3d4731edbb	512	/* Avoid compiler warnings about unused variables */
WFKnight	0:9b3d4731edbb	513	(void) enable;
WFKnight	0:9b3d4731edbb	514
WFKnight	0:9b3d4731edbb	515	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	516	}
WFKnight	0:9b3d4731edbb	517
WFKnight	0:9b3d4731edbb	518	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	519	// List management
WFKnight	0:9b3d4731edbb	520	//
WFKnight	0:9b3d4731edbb	521
WFKnight	0:9b3d4731edbb	522	/**
WFKnight	0:9b3d4731edbb	523	* Delete all peer device context and all related bonding information from
WFKnight	0:9b3d4731edbb	524	* the database within the security manager.
WFKnight	0:9b3d4731edbb	525	*
WFKnight	0:9b3d4731edbb	526	* @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure.
WFKnight	0:9b3d4731edbb	527	* @retval BLE_ERROR_INVALID_STATE If the API is called without module initialization or
WFKnight	0:9b3d4731edbb	528	* application registration.
WFKnight	0:9b3d4731edbb	529	*/
WFKnight	0:9b3d4731edbb	530	virtual ble_error_t purgeAllBondingState(void) {
WFKnight	0:9b3d4731edbb	531	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	532	}
WFKnight	0:9b3d4731edbb	533
WFKnight	0:9b3d4731edbb	534	/**
WFKnight	0:9b3d4731edbb	535	* Create a list of addresses from all peers in the bond table and generate
WFKnight	0:9b3d4731edbb	536	* an event which returns it as a whitelist. Pass in the container for the whitelist.
WFKnight	0:9b3d4731edbb	537	* This will be returned by the event.
WFKnight	0:9b3d4731edbb	538	*
WFKnight	0:9b3d4731edbb	539	* @param[in] whitelist Preallocated whitelist which will be filled up to its capacity.
WFKnight	0:9b3d4731edbb	540	* If whitelist already contains entries this will be appended to.
WFKnight	0:9b3d4731edbb	541	* Do not access the whitelist until callback has been called,
WFKnight	0:9b3d4731edbb	542	* returning the filled whitelist.
WFKnight	0:9b3d4731edbb	543	*
WFKnight	0:9b3d4731edbb	544	* @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure
WFKnight	0:9b3d4731edbb	545	*/
WFKnight	0:9b3d4731edbb	546	virtual ble_error_t generateWhitelistFromBondTable(Gap::Whitelist_t *whitelist) const {
WFKnight	0:9b3d4731edbb	547	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	548	}
WFKnight	0:9b3d4731edbb	549
WFKnight	0:9b3d4731edbb	550	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	551	// Pairing
WFKnight	0:9b3d4731edbb	552	//
WFKnight	0:9b3d4731edbb	553
WFKnight	0:9b3d4731edbb	554	/**
WFKnight	0:9b3d4731edbb	555	* Request pairing with the peer. Called by the master.
WFKnight	0:9b3d4731edbb	556	* @note Slave can call requestAuthentication or setLinkEncryption to achieve security.
WFKnight	0:9b3d4731edbb	557	*
WFKnight	0:9b3d4731edbb	558	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	559	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	560	*/
WFKnight	0:9b3d4731edbb	561	virtual ble_error_t requestPairing(ble::connection_handle_t connectionHandle) {
WFKnight	0:9b3d4731edbb	562	(void) connectionHandle;
WFKnight	0:9b3d4731edbb	563	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	564	}
WFKnight	0:9b3d4731edbb	565
WFKnight	0:9b3d4731edbb	566	/**
WFKnight	0:9b3d4731edbb	567	* Accept the pairing request. Called as a result of pairingRequest being called
WFKnight	0:9b3d4731edbb	568	* on the event handler.
WFKnight	0:9b3d4731edbb	569	*
WFKnight	0:9b3d4731edbb	570	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	571	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	572	*/
WFKnight	0:9b3d4731edbb	573	virtual ble_error_t acceptPairingRequest(ble::connection_handle_t connectionHandle) {
WFKnight	0:9b3d4731edbb	574	(void) connectionHandle;
WFKnight	0:9b3d4731edbb	575	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	576	}
WFKnight	0:9b3d4731edbb	577
WFKnight	0:9b3d4731edbb	578	/**
WFKnight	0:9b3d4731edbb	579	* Reject pairing request if the local device is the slave or cancel an outstanding
WFKnight	0:9b3d4731edbb	580	* pairing request if master.
WFKnight	0:9b3d4731edbb	581	*
WFKnight	0:9b3d4731edbb	582	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	583	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	584	*/
WFKnight	0:9b3d4731edbb	585	virtual ble_error_t cancelPairingRequest(ble::connection_handle_t connectionHandle) {
WFKnight	0:9b3d4731edbb	586	(void) connectionHandle;
WFKnight	0:9b3d4731edbb	587	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	588	}
WFKnight	0:9b3d4731edbb	589
WFKnight	0:9b3d4731edbb	590	/**
WFKnight	0:9b3d4731edbb	591	* Tell the stack whether the application needs to authorise pairing requests or should
WFKnight	0:9b3d4731edbb	592	* they be automatically accepted.
WFKnight	0:9b3d4731edbb	593	*
WFKnight	0:9b3d4731edbb	594	* @param[in] required If set to true, pairingRequest in the event handler will
WFKnight	0:9b3d4731edbb	595	* will be called and will require an action from the application
WFKnight	0:9b3d4731edbb	596	* to continue with pairing by calling acceptPairingRequest
WFKnight	0:9b3d4731edbb	597	* or cancelPairingRequest if the user wishes to reject it.
WFKnight	0:9b3d4731edbb	598	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	599	*/
WFKnight	0:9b3d4731edbb	600	virtual ble_error_t setPairingRequestAuthorisation(bool required = true) {
WFKnight	0:9b3d4731edbb	601	(void) required;
WFKnight	0:9b3d4731edbb	602	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	603	}
WFKnight	0:9b3d4731edbb	604
WFKnight	0:9b3d4731edbb	605	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	606	// Feature support
WFKnight	0:9b3d4731edbb	607	//
WFKnight	0:9b3d4731edbb	608
WFKnight	0:9b3d4731edbb	609	/**
WFKnight	0:9b3d4731edbb	610	* Allow of disallow the use of legacy pairing in case the application only wants
WFKnight	0:9b3d4731edbb	611	* to force the use of Secure Connections. If legacy pairing is disallowed and either
WFKnight	0:9b3d4731edbb	612	* side doesn't support Secure Connections the pairing will fail.
WFKnight	0:9b3d4731edbb	613	*
WFKnight	0:9b3d4731edbb	614	* @param[out] allow If true legacy pairing will be used if either side doesn't support Secure Connections.
WFKnight	0:9b3d4731edbb	615	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	616	*/
WFKnight	0:9b3d4731edbb	617	virtual ble_error_t allowLegacyPairing(bool allow = true) {
WFKnight	0:9b3d4731edbb	618	(void) allow;
WFKnight	0:9b3d4731edbb	619	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	620	}
WFKnight	0:9b3d4731edbb	621
WFKnight	0:9b3d4731edbb	622	/**
WFKnight	0:9b3d4731edbb	623	* Check if the Secure Connections feature is supported by the stack and controller.
WFKnight	0:9b3d4731edbb	624	*
WFKnight	0:9b3d4731edbb	625	* @param[out] enabled true if SC are supported
WFKnight	0:9b3d4731edbb	626	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	627	*/
WFKnight	0:9b3d4731edbb	628	virtual ble_error_t getSecureConnectionsSupport(bool *enabled) {
WFKnight	0:9b3d4731edbb	629	(void) enabled;
WFKnight	0:9b3d4731edbb	630	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	631	}
WFKnight	0:9b3d4731edbb	632
WFKnight	0:9b3d4731edbb	633	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	634	// Security settings
WFKnight	0:9b3d4731edbb	635	//
WFKnight	0:9b3d4731edbb	636
WFKnight	0:9b3d4731edbb	637	/**
WFKnight	0:9b3d4731edbb	638	* Set the IO capability of the local device.
WFKnight	0:9b3d4731edbb	639	*
WFKnight	0:9b3d4731edbb	640	* @param[in] iocaps type of IO capabilities available on the local device
WFKnight	0:9b3d4731edbb	641	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	642	*/
WFKnight	0:9b3d4731edbb	643	virtual ble_error_t setIoCapability(SecurityIOCapabilities_t iocaps) {
WFKnight	0:9b3d4731edbb	644	(void) iocaps;
WFKnight	0:9b3d4731edbb	645	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	646	}
WFKnight	0:9b3d4731edbb	647
WFKnight	0:9b3d4731edbb	648	/**
WFKnight	0:9b3d4731edbb	649	* Set the passkey that is displayed on the local device instead of using
WFKnight	0:9b3d4731edbb	650	* a randomly generated one
WFKnight	0:9b3d4731edbb	651	*
WFKnight	0:9b3d4731edbb	652	* @param[in] passkey ASCII string of 6 digits
WFKnight	0:9b3d4731edbb	653	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	654	*/
WFKnight	0:9b3d4731edbb	655	virtual ble_error_t setDisplayPasskey(const Passkey_t passkey) {
WFKnight	0:9b3d4731edbb	656	(void) passkey;
WFKnight	0:9b3d4731edbb	657	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	658	}
WFKnight	0:9b3d4731edbb	659
WFKnight	0:9b3d4731edbb	660	/**
WFKnight	0:9b3d4731edbb	661	* Set the security mode on a connection. Useful for elevating the security mode
WFKnight	0:9b3d4731edbb	662	* once certain conditions are met, e.g., a particular service is found.
WFKnight	0:9b3d4731edbb	663	*
WFKnight	0:9b3d4731edbb	664	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	665	* @param[in] securityMode Requested security mode.
WFKnight	0:9b3d4731edbb	666	*
WFKnight	0:9b3d4731edbb	667	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	668	*/
WFKnight	0:9b3d4731edbb	669	virtual ble_error_t setLinkSecurity(ble::connection_handle_t connectionHandle, SecurityMode_t securityMode) {
WFKnight	0:9b3d4731edbb	670	/* Avoid compiler warnings about unused variables. */
WFKnight	0:9b3d4731edbb	671	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	672	(void)securityMode;
WFKnight	0:9b3d4731edbb	673
WFKnight	0:9b3d4731edbb	674	return BLE_ERROR_NOT_IMPLEMENTED;
WFKnight	0:9b3d4731edbb	675	}
WFKnight	0:9b3d4731edbb	676
WFKnight	0:9b3d4731edbb	677	/**
WFKnight	0:9b3d4731edbb	678	* Set whether or not we want to send and receive keypress notifications
WFKnight	0:9b3d4731edbb	679	* during passkey entry.
WFKnight	0:9b3d4731edbb	680	*
WFKnight	0:9b3d4731edbb	681	* @param[in] enabled if true pairing will try to enable keypress notifications
WFKnight	0:9b3d4731edbb	682	* (dependent on other side supporting it)
WFKnight	0:9b3d4731edbb	683	*
WFKnight	0:9b3d4731edbb	684	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	685	*/
WFKnight	0:9b3d4731edbb	686	virtual ble_error_t setKeypressNotification(bool enabled = true) {
WFKnight	0:9b3d4731edbb	687	(void)enabled;
WFKnight	0:9b3d4731edbb	688	return BLE_ERROR_NOT_IMPLEMENTED;
WFKnight	0:9b3d4731edbb	689	}
WFKnight	0:9b3d4731edbb	690
WFKnight	0:9b3d4731edbb	691	/**
WFKnight	0:9b3d4731edbb	692	* Request generation and exchange of signing keys so that packet signing can be utilised
WFKnight	0:9b3d4731edbb	693	* on this connection.
WFKnight	0:9b3d4731edbb	694	* @note This does not generate a signingKey event. Use getSigningKey for that.
WFKnight	0:9b3d4731edbb	695	*
WFKnight	0:9b3d4731edbb	696	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	697	* @param[in] enabled If set to true, signing keys will be exchanged
WFKnight	0:9b3d4731edbb	698	* during subsequent pairing.
WFKnight	0:9b3d4731edbb	699	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	700	*/
WFKnight	0:9b3d4731edbb	701	virtual ble_error_t enableSigning(ble::connection_handle_t connectionHandle, bool enabled = true) {
WFKnight	0:9b3d4731edbb	702	(void) enabled;
WFKnight	0:9b3d4731edbb	703	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	704	}
WFKnight	0:9b3d4731edbb	705
WFKnight	0:9b3d4731edbb	706	/**
WFKnight	0:9b3d4731edbb	707	* Give a hint to the stack that the master/slave role might change in the future.
WFKnight	0:9b3d4731edbb	708	*
WFKnight	0:9b3d4731edbb	709	* @param[in] enable If set to true it hints the roles are likely to swap in the future.
WFKnight	0:9b3d4731edbb	710	*
WFKnight	0:9b3d4731edbb	711	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	712	*/
WFKnight	0:9b3d4731edbb	713	virtual ble_error_t setHintFutureRoleReversal(bool enable = true) {
WFKnight	0:9b3d4731edbb	714	(void)enable;
WFKnight	0:9b3d4731edbb	715	return BLE_ERROR_NOT_IMPLEMENTED;
WFKnight	0:9b3d4731edbb	716	}
WFKnight	0:9b3d4731edbb	717
WFKnight	0:9b3d4731edbb	718	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	719	// Encryption
WFKnight	0:9b3d4731edbb	720	//
WFKnight	0:9b3d4731edbb	721
WFKnight	0:9b3d4731edbb	722	/**
WFKnight	0:9b3d4731edbb	723	* Current state of encryption on the link.
WFKnight	0:9b3d4731edbb	724	*
WFKnight	0:9b3d4731edbb	725	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	726	* @param[out] encryption
WFKnight	0:9b3d4731edbb	727	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	728	*/
WFKnight	0:9b3d4731edbb	729	virtual ble_error_t getLinkEncryption(ble::connection_handle_t connectionHandle, ble::link_encryption_t *encryption) {
WFKnight	0:9b3d4731edbb	730	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	731	(void)encryption;
WFKnight	0:9b3d4731edbb	732	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	733	}
WFKnight	0:9b3d4731edbb	734
WFKnight	0:9b3d4731edbb	735	/**
WFKnight	0:9b3d4731edbb	736	* Enabled or disable encryption on the link. The result of this request will be indicated
WFKnight	0:9b3d4731edbb	737	* by a call to linkEncryptionResult in the event handler when the action is completed.
WFKnight	0:9b3d4731edbb	738	*
WFKnight	0:9b3d4731edbb	739	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	740	* @param[in] encryption encryption state requested
WFKnight	0:9b3d4731edbb	741	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	742	*/
WFKnight	0:9b3d4731edbb	743	virtual ble_error_t setLinkEncryption(ble::connection_handle_t connectionHandle, ble::link_encryption_t encryption) {
WFKnight	0:9b3d4731edbb	744	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	745	(void)encryption;
WFKnight	0:9b3d4731edbb	746	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	747	}
WFKnight	0:9b3d4731edbb	748
WFKnight	0:9b3d4731edbb	749	/**
WFKnight	0:9b3d4731edbb	750	* Set the requirements for encryption key size. If the peer cannot comply with the requirements
WFKnight	0:9b3d4731edbb	751	* paring will fail.
WFKnight	0:9b3d4731edbb	752	*
WFKnight	0:9b3d4731edbb	753	* @param[in] minimumByteSize Smallest allowed encryption key size in bytes. (no smaller than 7)
WFKnight	0:9b3d4731edbb	754	* @param[in] maximumByteSize Largest allowed encryption key size in bytes. (no larger than 16)
WFKnight	0:9b3d4731edbb	755	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	756	*/
WFKnight	0:9b3d4731edbb	757	virtual ble_error_t setEncryptionKeyRequirements(uint8_t minimumByteSize, uint8_t maximumByteSize) {
WFKnight	0:9b3d4731edbb	758	(void) minimumByteSize;
WFKnight	0:9b3d4731edbb	759	(void) maximumByteSize;
WFKnight	0:9b3d4731edbb	760	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	761	}
WFKnight	0:9b3d4731edbb	762
WFKnight	0:9b3d4731edbb	763	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	764	// Authentication
WFKnight	0:9b3d4731edbb	765	//
WFKnight	0:9b3d4731edbb	766
WFKnight	0:9b3d4731edbb	767	/**
WFKnight	0:9b3d4731edbb	768	* Request that the link be authenticated (keys with MITM protection). This might trigger encryption
WFKnight	0:9b3d4731edbb	769	* or pairing/re-pairing. The success will be indicated through an event indicating security level change.
WFKnight	0:9b3d4731edbb	770	*
WFKnight	0:9b3d4731edbb	771	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	772	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	773	*/
WFKnight	0:9b3d4731edbb	774	virtual ble_error_t requestAuthentication(ble::connection_handle_t connectionHandle) {
WFKnight	0:9b3d4731edbb	775	(void) connectionHandle;
WFKnight	0:9b3d4731edbb	776	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	777	}
WFKnight	0:9b3d4731edbb	778
WFKnight	0:9b3d4731edbb	779	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	780	// MITM
WFKnight	0:9b3d4731edbb	781	//
WFKnight	0:9b3d4731edbb	782
WFKnight	0:9b3d4731edbb	783	/**
WFKnight	0:9b3d4731edbb	784	* Generate OOB data with the given address. If Secure Connections is supported this will
WFKnight	0:9b3d4731edbb	785	* also generate Secure Connections OOB data on top of legacy pairing OOB data. This can be used
WFKnight	0:9b3d4731edbb	786	* to generate such data before the connection takes place.
WFKnight	0:9b3d4731edbb	787	*
WFKnight	0:9b3d4731edbb	788	* In this model the OOB exchange takes place before the devices connect. Devices should establish
WFKnight	0:9b3d4731edbb	789	* communication over another channel and exchange the OOB data. The address provided will be used
WFKnight	0:9b3d4731edbb	790	* by the peer to associate the received data with the address of the device it will then connect
WFKnight	0:9b3d4731edbb	791	* to over BLE.
WFKnight	0:9b3d4731edbb	792	*
WFKnight	0:9b3d4731edbb	793	* @param[in] address The local address you will use in the connection using this OOB data. This
WFKnight	0:9b3d4731edbb	794	* address will be returned along with the rest of the OOB data when generation
WFKnight	0:9b3d4731edbb	795	* is complete. Using an invalid address is illegal.
WFKnight	0:9b3d4731edbb	796	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	797	*/
WFKnight	0:9b3d4731edbb	798	virtual ble_error_t generateOOB(const ble::address_t *address) {
WFKnight	0:9b3d4731edbb	799	/* Avoid compiler warnings about unused variables */
WFKnight	0:9b3d4731edbb	800	(void) address;
WFKnight	0:9b3d4731edbb	801	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	802	}
WFKnight	0:9b3d4731edbb	803
WFKnight	0:9b3d4731edbb	804	/**
WFKnight	0:9b3d4731edbb	805	* Enable OOB data usage during paring. If Secure Connections is supported enabling useOOB will
WFKnight	0:9b3d4731edbb	806	* generate Secure Connections OOB data through oobGenerated() on top of legacy pairing OOB data.
WFKnight	0:9b3d4731edbb	807	*
WFKnight	0:9b3d4731edbb	808	* You do not have to call this function to return received OOB data. Use legacyPairingOobReceived
WFKnight	0:9b3d4731edbb	809	* or oobReceived to hand it in. This will allow the stack to use it if possible. You only need to
WFKnight	0:9b3d4731edbb	810	* call this function to attempt legacy OOB data exchange after pairing start and to inform
WFKnight	0:9b3d4731edbb	811	* the stack OOB data does not provide MITM protection (by default it is set to provide this).
WFKnight	0:9b3d4731edbb	812	*
WFKnight	0:9b3d4731edbb	813	* In this model the OOB exchange takes places after the devices have connected but possibly
WFKnight	0:9b3d4731edbb	814	* prior to pairing. For secure connections pairing must not be started until after the OOB
WFKnight	0:9b3d4731edbb	815	* data has been sent and/or received. The address in the OOB data generated will match
WFKnight	0:9b3d4731edbb	816	* the original address used to establish the connection and will be used by the peer to
WFKnight	0:9b3d4731edbb	817	* identify which connection the OOB data belongs to.
WFKnight	0:9b3d4731edbb	818	*
WFKnight	0:9b3d4731edbb	819	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	820	* @param[in] useOOB If set to true, authenticate using OOB data.
WFKnight	0:9b3d4731edbb	821	* @param[in] OOBProvidesMITM If set to true keys exchanged during pairing using OOB data
WFKnight	0:9b3d4731edbb	822	* will provide Man-in-the-Middle protection. This indicates that
WFKnight	0:9b3d4731edbb	823	* the form of exchange used by the OOB data itself provides MITM
WFKnight	0:9b3d4731edbb	824	* protection.
WFKnight	0:9b3d4731edbb	825	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	826	*/
WFKnight	0:9b3d4731edbb	827	virtual ble_error_t setOOBDataUsage(ble::connection_handle_t connectionHandle, bool useOOB, bool OOBProvidesMITM = true) {
WFKnight	0:9b3d4731edbb	828	/* Avoid compiler warnings about unused variables */
WFKnight	0:9b3d4731edbb	829	(void) connectionHandle;
WFKnight	0:9b3d4731edbb	830	(void) useOOB;
WFKnight	0:9b3d4731edbb	831	(void) OOBProvidesMITM;
WFKnight	0:9b3d4731edbb	832	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	833	}
WFKnight	0:9b3d4731edbb	834
WFKnight	0:9b3d4731edbb	835	/**
WFKnight	0:9b3d4731edbb	836	* Report to the stack if the passkey matches or not. Used during pairing to provide MITM protection.
WFKnight	0:9b3d4731edbb	837	*
WFKnight	0:9b3d4731edbb	838	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	839	* @param[in] confirmation True value indicates the passkey displayed matches.
WFKnight	0:9b3d4731edbb	840	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	841	*/
WFKnight	0:9b3d4731edbb	842	virtual ble_error_t confirmationEntered(ble::connection_handle_t connectionHandle, bool confirmation) {
WFKnight	0:9b3d4731edbb	843	(void) connectionHandle;
WFKnight	0:9b3d4731edbb	844	(void) confirmation;
WFKnight	0:9b3d4731edbb	845	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	846	}
WFKnight	0:9b3d4731edbb	847
WFKnight	0:9b3d4731edbb	848	/**
WFKnight	0:9b3d4731edbb	849	* Supply the stack with the user entered passkey.
WFKnight	0:9b3d4731edbb	850	*
WFKnight	0:9b3d4731edbb	851	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	852	* @param[in] passkey ASCII string of digits entered by the user.
WFKnight	0:9b3d4731edbb	853	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	854	*/
WFKnight	0:9b3d4731edbb	855	virtual ble_error_t passkeyEntered(ble::connection_handle_t connectionHandle, Passkey_t passkey) {
WFKnight	0:9b3d4731edbb	856	(void) connectionHandle;
WFKnight	0:9b3d4731edbb	857	(void) passkey;
WFKnight	0:9b3d4731edbb	858	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	859	}
WFKnight	0:9b3d4731edbb	860
WFKnight	0:9b3d4731edbb	861	/**
WFKnight	0:9b3d4731edbb	862	* Send a notification to the peer that the user pressed a key on the local device.
WFKnight	0:9b3d4731edbb	863	* @note This will only be delivered if the keypress notifications have been enabled during pairing.
WFKnight	0:9b3d4731edbb	864	*
WFKnight	0:9b3d4731edbb	865	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	866	* @param[in] keypress Type of keypress event.
WFKnight	0:9b3d4731edbb	867	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	868	*/
WFKnight	0:9b3d4731edbb	869	virtual ble_error_t sendKeypressNotification(ble::connection_handle_t connectionHandle, Keypress_t keypress) {
WFKnight	0:9b3d4731edbb	870	(void) connectionHandle;
WFKnight	0:9b3d4731edbb	871	(void) keypress;
WFKnight	0:9b3d4731edbb	872	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	873	}
WFKnight	0:9b3d4731edbb	874
WFKnight	0:9b3d4731edbb	875	/**
WFKnight	0:9b3d4731edbb	876	* Supply the stack with the OOB data for legacy connections.
WFKnight	0:9b3d4731edbb	877	*
WFKnight	0:9b3d4731edbb	878	* @param[in] address address of the peer device this data comes from
WFKnight	0:9b3d4731edbb	879	* @param[in] tk pointer to out of band data received containing the temporary key.
WFKnight	0:9b3d4731edbb	880	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	881	*/
WFKnight	0:9b3d4731edbb	882	virtual ble_error_t legacyPairingOobReceived(const ble::address_t address, const ble::oob_tk_t tk) {
WFKnight	0:9b3d4731edbb	883	(void) address;
WFKnight	0:9b3d4731edbb	884	(void) tk;
WFKnight	0:9b3d4731edbb	885	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	886	}
WFKnight	0:9b3d4731edbb	887
WFKnight	0:9b3d4731edbb	888	/**
WFKnight	0:9b3d4731edbb	889	* Supply the stack with the OOB data for secure connections.
WFKnight	0:9b3d4731edbb	890	*
WFKnight	0:9b3d4731edbb	891	* @param[in] address address of the peer device this data comes from
WFKnight	0:9b3d4731edbb	892	* @param[in] random random number used to generate the confirmation
WFKnight	0:9b3d4731edbb	893	* @param[in] confirm confirmation value to be use for authentication
WFKnight	0:9b3d4731edbb	894	* in secure connections pairing
WFKnight	0:9b3d4731edbb	895	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	896	*/
WFKnight	0:9b3d4731edbb	897	virtual ble_error_t oobReceived(const ble::address_t address, const ble::oob_lesc_value_t random, const ble::oob_confirm_t *confirm) {
WFKnight	0:9b3d4731edbb	898	(void) address;
WFKnight	0:9b3d4731edbb	899	(void) random;
WFKnight	0:9b3d4731edbb	900	(void) confirm;
WFKnight	0:9b3d4731edbb	901	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	902	}
WFKnight	0:9b3d4731edbb	903
WFKnight	0:9b3d4731edbb	904	////////////////////////////////////////////////////////////////////////////
WFKnight	0:9b3d4731edbb	905	// Keys
WFKnight	0:9b3d4731edbb	906	//
WFKnight	0:9b3d4731edbb	907
WFKnight	0:9b3d4731edbb	908	/**
WFKnight	0:9b3d4731edbb	909	* Retrieves a signing key through a signingKey event.
WFKnight	0:9b3d4731edbb	910	* If a signing key is not present, pairing/authentication will be attempted.
WFKnight	0:9b3d4731edbb	911	* @note This will attempt to retrieve the key even if enableSigning hasn't been called prior to pairing.
WFKnight	0:9b3d4731edbb	912	*
WFKnight	0:9b3d4731edbb	913	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	914	* @param[in] authenticated Whether the signing key needs to be authenticated
WFKnight	0:9b3d4731edbb	915	* (provide MITM protection).
WFKnight	0:9b3d4731edbb	916	*
WFKnight	0:9b3d4731edbb	917	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	918	*/
WFKnight	0:9b3d4731edbb	919	virtual ble_error_t getSigningKey(ble::connection_handle_t connectionHandle, bool authenticated) {
WFKnight	0:9b3d4731edbb	920	(void)connectionHandle;
WFKnight	0:9b3d4731edbb	921	(void)authenticated;
WFKnight	0:9b3d4731edbb	922	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	923	}
WFKnight	0:9b3d4731edbb	924
WFKnight	0:9b3d4731edbb	925	/* Event callback handlers. */
WFKnight	0:9b3d4731edbb	926	public:
WFKnight	0:9b3d4731edbb	927	/**
WFKnight	0:9b3d4731edbb	928	* Setup a callback to be invoked to notify the user application that the
WFKnight	0:9b3d4731edbb	929	* SecurityManager instance is about to shutdown (possibly as a result of a call
WFKnight	0:9b3d4731edbb	930	* to BLE::shutdown()).
WFKnight	0:9b3d4731edbb	931	*
WFKnight	0:9b3d4731edbb	932	* @note It is possible to chain together multiple onShutdown callbacks
WFKnight	0:9b3d4731edbb	933	* (potentially from different modules of an application) to be notified
WFKnight	0:9b3d4731edbb	934	* before the SecurityManager is shutdown.
WFKnight	0:9b3d4731edbb	935	*
WFKnight	0:9b3d4731edbb	936	* @note It is also possible to set up a callback into a member function of
WFKnight	0:9b3d4731edbb	937	* some object.
WFKnight	0:9b3d4731edbb	938	*
WFKnight	0:9b3d4731edbb	939	* @note It is possible to unregister a callback using onShutdown().detach(callback)
WFKnight	0:9b3d4731edbb	940	*/
WFKnight	0:9b3d4731edbb	941	void onShutdown(const SecurityManagerShutdownCallback_t& callback) {
WFKnight	0:9b3d4731edbb	942	shutdownCallChain.add(callback);
WFKnight	0:9b3d4731edbb	943	}
WFKnight	0:9b3d4731edbb	944	template <typename T>
WFKnight	0:9b3d4731edbb	945	void onShutdown(T objPtr, void (T::memberPtr)(const SecurityManager *)) {
WFKnight	0:9b3d4731edbb	946	shutdownCallChain.add(objPtr, memberPtr);
WFKnight	0:9b3d4731edbb	947	}
WFKnight	0:9b3d4731edbb	948
WFKnight	0:9b3d4731edbb	949	/**
WFKnight	0:9b3d4731edbb	950	* Provide access to the callchain of shutdown event callbacks.
WFKnight	0:9b3d4731edbb	951	* It is possible to register callbacks using onShutdown().add(callback).
WFKnight	0:9b3d4731edbb	952	* It is possible to unregister callbacks using onShutdown().detach(callback).
WFKnight	0:9b3d4731edbb	953	*
WFKnight	0:9b3d4731edbb	954	* @return The shutdown event callbacks chain
WFKnight	0:9b3d4731edbb	955	*/
WFKnight	0:9b3d4731edbb	956	SecurityManagerShutdownCallbackChain_t& onShutdown() {
WFKnight	0:9b3d4731edbb	957	return shutdownCallChain;
WFKnight	0:9b3d4731edbb	958	}
WFKnight	0:9b3d4731edbb	959
WFKnight	0:9b3d4731edbb	960	/**
WFKnight	0:9b3d4731edbb	961	* Assign the event handler implementation that will be used by the stack to signal events
WFKnight	0:9b3d4731edbb	962	* back to the application.
WFKnight	0:9b3d4731edbb	963	*
WFKnight	0:9b3d4731edbb	964	* @param[in] handler Event Handler interface implementation.
WFKnight	0:9b3d4731edbb	965	*/
WFKnight	0:9b3d4731edbb	966	virtual void setSecurityManagerEventHandler(EventHandler* handler) {
WFKnight	0:9b3d4731edbb	967	if (handler) {
WFKnight	0:9b3d4731edbb	968	eventHandler = handler;
WFKnight	0:9b3d4731edbb	969	} else {
WFKnight	0:9b3d4731edbb	970	eventHandler = &defaultEventHandler;
WFKnight	0:9b3d4731edbb	971	}
WFKnight	0:9b3d4731edbb	972	}
WFKnight	0:9b3d4731edbb	973
WFKnight	0:9b3d4731edbb	974	protected:
WFKnight	0:9b3d4731edbb	975	SecurityManager() {
WFKnight	0:9b3d4731edbb	976	eventHandler = &defaultEventHandler;
WFKnight	0:9b3d4731edbb	977	}
WFKnight	0:9b3d4731edbb	978
WFKnight	0:9b3d4731edbb	979	virtual ~SecurityManager() { };
WFKnight	0:9b3d4731edbb	980
WFKnight	0:9b3d4731edbb	981	public:
WFKnight	0:9b3d4731edbb	982	/**
WFKnight	0:9b3d4731edbb	983	* @deprecated use generateWhitelistFromBondTable instead
WFKnight	0:9b3d4731edbb	984	*
WFKnight	0:9b3d4731edbb	985	* Get a list of addresses from all peers in the bond table.
WFKnight	0:9b3d4731edbb	986	*
WFKnight	0:9b3d4731edbb	987	* @param[in,out] addresses
WFKnight	0:9b3d4731edbb	988	* (on input) addresses.capacity contains the maximum
WFKnight	0:9b3d4731edbb	989	* number of addresses to be returned.
WFKnight	0:9b3d4731edbb	990	* (on output) The populated table with copies of the
WFKnight	0:9b3d4731edbb	991	* addresses in the implementation's whitelist.
WFKnight	0:9b3d4731edbb	992	*
WFKnight	0:9b3d4731edbb	993	* @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure.
WFKnight	0:9b3d4731edbb	994	* @retval BLE_ERROR_INVALID_STATE If the API is called without module initialization or
WFKnight	0:9b3d4731edbb	995	* application registration.
WFKnight	0:9b3d4731edbb	996	*/
WFKnight	0:9b3d4731edbb	997	virtual ble_error_t getAddressesFromBondTable(Gap::Whitelist_t &addresses) const {
WFKnight	0:9b3d4731edbb	998	/* Avoid compiler warnings about unused variables */
WFKnight	0:9b3d4731edbb	999	(void) addresses;
WFKnight	0:9b3d4731edbb	1000	return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
WFKnight	0:9b3d4731edbb	1001	}
WFKnight	0:9b3d4731edbb	1002
WFKnight	0:9b3d4731edbb	1003	/**
WFKnight	0:9b3d4731edbb	1004	* @deprecated
WFKnight	0:9b3d4731edbb	1005	*
WFKnight	0:9b3d4731edbb	1006	* Get the security status of a connection.
WFKnight	0:9b3d4731edbb	1007	*
WFKnight	0:9b3d4731edbb	1008	* @param[in] connectionHandle Handle to identify the connection.
WFKnight	0:9b3d4731edbb	1009	* @param[out] securityStatus Security status.
WFKnight	0:9b3d4731edbb	1010	*
WFKnight	0:9b3d4731edbb	1011	* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
WFKnight	0:9b3d4731edbb	1012	*/
WFKnight	0:9b3d4731edbb	1013	ble_error_t getLinkSecurity(ble::connection_handle_t connectionHandle, LinkSecurityStatus_t *securityStatus) {
WFKnight	0:9b3d4731edbb	1014	ble::link_encryption_t encryption(ble::link_encryption_t::NOT_ENCRYPTED);
WFKnight	0:9b3d4731edbb	1015	ble_error_t err = getLinkEncryption(connectionHandle, &encryption);
WFKnight	0:9b3d4731edbb	1016	if (err) {
WFKnight	0:9b3d4731edbb	1017	return err;
WFKnight	0:9b3d4731edbb	1018	}
WFKnight	0:9b3d4731edbb	1019
WFKnight	0:9b3d4731edbb	1020	switch (encryption.value()) {
WFKnight	0:9b3d4731edbb	1021	case ble::link_encryption_t::NOT_ENCRYPTED:
WFKnight	0:9b3d4731edbb	1022	*securityStatus = NOT_ENCRYPTED;
WFKnight	0:9b3d4731edbb	1023	break;
WFKnight	0:9b3d4731edbb	1024	case ble::link_encryption_t::ENCRYPTION_IN_PROGRESS:
WFKnight	0:9b3d4731edbb	1025	*securityStatus = ENCRYPTION_IN_PROGRESS;
WFKnight	0:9b3d4731edbb	1026	break;
WFKnight	0:9b3d4731edbb	1027	case ble::link_encryption_t::ENCRYPTED:
WFKnight	0:9b3d4731edbb	1028	case ble::link_encryption_t::ENCRYPTED_WITH_MITM:
WFKnight	0:9b3d4731edbb	1029	case ble::link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM:
WFKnight	0:9b3d4731edbb	1030	*securityStatus = ENCRYPTED;
WFKnight	0:9b3d4731edbb	1031	break;
WFKnight	0:9b3d4731edbb	1032	default:
WFKnight	0:9b3d4731edbb	1033	// should never happen
WFKnight	0:9b3d4731edbb	1034	MBED_ASSERT(false);
WFKnight	0:9b3d4731edbb	1035	*securityStatus = NOT_ENCRYPTED;
WFKnight	0:9b3d4731edbb	1036	break;
WFKnight	0:9b3d4731edbb	1037	}
WFKnight	0:9b3d4731edbb	1038
WFKnight	0:9b3d4731edbb	1039	return BLE_ERROR_NONE;
WFKnight	0:9b3d4731edbb	1040	}
WFKnight	0:9b3d4731edbb	1041
WFKnight	0:9b3d4731edbb	1042	/**
WFKnight	0:9b3d4731edbb	1043	* @deprecated
WFKnight	0:9b3d4731edbb	1044	*
WFKnight	0:9b3d4731edbb	1045	* To indicate that a security procedure for the link has started.
WFKnight	0:9b3d4731edbb	1046	*/
WFKnight	0:9b3d4731edbb	1047	virtual void onSecuritySetupInitiated(SecuritySetupInitiatedCallback_t callback) {
WFKnight	0:9b3d4731edbb	1048	defaultEventHandler.securitySetupInitiatedCallback = callback;
WFKnight	0:9b3d4731edbb	1049	}
WFKnight	0:9b3d4731edbb	1050
WFKnight	0:9b3d4731edbb	1051	/**
WFKnight	0:9b3d4731edbb	1052	* @deprecated
WFKnight	0:9b3d4731edbb	1053	*
WFKnight	0:9b3d4731edbb	1054	* To indicate that the security procedure for the link has completed.
WFKnight	0:9b3d4731edbb	1055	*/
WFKnight	0:9b3d4731edbb	1056	virtual void onSecuritySetupCompleted(SecuritySetupCompletedCallback_t callback) {
WFKnight	0:9b3d4731edbb	1057	defaultEventHandler.securitySetupCompletedCallback = callback;
WFKnight	0:9b3d4731edbb	1058	}
WFKnight	0:9b3d4731edbb	1059
WFKnight	0:9b3d4731edbb	1060	/**
WFKnight	0:9b3d4731edbb	1061	* @deprecated
WFKnight	0:9b3d4731edbb	1062	*
WFKnight	0:9b3d4731edbb	1063	* To indicate that the link with the peer is secured. For bonded devices,
WFKnight	0:9b3d4731edbb	1064	* subsequent reconnections with a bonded peer will result only in this callback
WFKnight	0:9b3d4731edbb	1065	* when the link is secured; setup procedures will not occur (unless the
WFKnight	0:9b3d4731edbb	1066	* bonding information is either lost or deleted on either or both sides).
WFKnight	0:9b3d4731edbb	1067	*/
WFKnight	0:9b3d4731edbb	1068	virtual void onLinkSecured(LinkSecuredCallback_t callback) {
WFKnight	0:9b3d4731edbb	1069	defaultEventHandler.linkSecuredCallback = callback;
WFKnight	0:9b3d4731edbb	1070	}
WFKnight	0:9b3d4731edbb	1071
WFKnight	0:9b3d4731edbb	1072	/**
WFKnight	0:9b3d4731edbb	1073	* @deprecated
WFKnight	0:9b3d4731edbb	1074	*
WFKnight	0:9b3d4731edbb	1075	* To indicate that device context is stored persistently.
WFKnight	0:9b3d4731edbb	1076	*/
WFKnight	0:9b3d4731edbb	1077	virtual void onSecurityContextStored(HandleSpecificEvent_t callback) {
WFKnight	0:9b3d4731edbb	1078	defaultEventHandler.securityContextStoredCallback = callback;
WFKnight	0:9b3d4731edbb	1079	}
WFKnight	0:9b3d4731edbb	1080
WFKnight	0:9b3d4731edbb	1081	/** @deprecated
WFKnight	0:9b3d4731edbb	1082	*
WFKnight	0:9b3d4731edbb	1083	* To set the callback for when the passkey needs to be displayed on a peripheral with DISPLAY capability.
WFKnight	0:9b3d4731edbb	1084	*/
WFKnight	0:9b3d4731edbb	1085	virtual void onPasskeyDisplay(PasskeyDisplayCallback_t callback) {
WFKnight	0:9b3d4731edbb	1086	defaultEventHandler.passkeyDisplayCallback = callback;
WFKnight	0:9b3d4731edbb	1087	}
WFKnight	0:9b3d4731edbb	1088
WFKnight	0:9b3d4731edbb	1089	/* Entry points for the underlying stack to report events back to the user. */
WFKnight	0:9b3d4731edbb	1090	public:
WFKnight	0:9b3d4731edbb	1091	/** @deprecated */
WFKnight	0:9b3d4731edbb	1092	void processSecuritySetupInitiatedEvent(ble::connection_handle_t connectionHandle, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps) {
WFKnight	0:9b3d4731edbb	1093	if (defaultEventHandler.securitySetupInitiatedCallback) {
WFKnight	0:9b3d4731edbb	1094	defaultEventHandler.securitySetupInitiatedCallback(connectionHandle, allowBonding, requireMITM, iocaps);
WFKnight	0:9b3d4731edbb	1095	}
WFKnight	0:9b3d4731edbb	1096	}
WFKnight	0:9b3d4731edbb	1097	/** @deprecated */
WFKnight	0:9b3d4731edbb	1098	void processSecuritySetupCompletedEvent(ble::connection_handle_t connectionHandle, SecurityCompletionStatus_t status) {
WFKnight	0:9b3d4731edbb	1099	eventHandler->pairingResult(connectionHandle, status);
WFKnight	0:9b3d4731edbb	1100	}
WFKnight	0:9b3d4731edbb	1101	/** @deprecated */
WFKnight	0:9b3d4731edbb	1102	void processLinkSecuredEvent(ble::connection_handle_t connectionHandle, SecurityMode_t securityMode) {
WFKnight	0:9b3d4731edbb	1103	if (securityMode == SECURITY_MODE_ENCRYPTION_NO_MITM) {
WFKnight	0:9b3d4731edbb	1104	eventHandler->linkEncryptionResult(connectionHandle, ble::link_encryption_t::ENCRYPTED);
WFKnight	0:9b3d4731edbb	1105	} else {
WFKnight	0:9b3d4731edbb	1106	eventHandler->linkEncryptionResult(connectionHandle, ble::link_encryption_t::NOT_ENCRYPTED);
WFKnight	0:9b3d4731edbb	1107	}
WFKnight	0:9b3d4731edbb	1108	}
WFKnight	0:9b3d4731edbb	1109	/** @deprecated */
WFKnight	0:9b3d4731edbb	1110	void processSecurityContextStoredEvent(ble::connection_handle_t connectionHandle) {
WFKnight	0:9b3d4731edbb	1111	if (defaultEventHandler.securityContextStoredCallback) {
WFKnight	0:9b3d4731edbb	1112	defaultEventHandler.securityContextStoredCallback(connectionHandle);
WFKnight	0:9b3d4731edbb	1113	}
WFKnight	0:9b3d4731edbb	1114	}
WFKnight	0:9b3d4731edbb	1115	/** @deprecated */
WFKnight	0:9b3d4731edbb	1116	void processPasskeyDisplayEvent(ble::connection_handle_t connectionHandle, const Passkey_t passkey) {
WFKnight	0:9b3d4731edbb	1117	eventHandler->passkeyDisplay(connectionHandle, passkey);
WFKnight	0:9b3d4731edbb	1118	}
WFKnight	0:9b3d4731edbb	1119
WFKnight	0:9b3d4731edbb	1120	private:
WFKnight	0:9b3d4731edbb	1121	/* Legacy compatibility with old callbacks (from both sides so any
WFKnight	0:9b3d4731edbb	1122	* combination of new and old works) */
WFKnight	0:9b3d4731edbb	1123	class LegacyEventHandler : public EventHandler {
WFKnight	0:9b3d4731edbb	1124	public:
WFKnight	0:9b3d4731edbb	1125	LegacyEventHandler() :
WFKnight	0:9b3d4731edbb	1126	securitySetupInitiatedCallback(),
WFKnight	0:9b3d4731edbb	1127	securitySetupCompletedCallback(),
WFKnight	0:9b3d4731edbb	1128	linkSecuredCallback(),
WFKnight	0:9b3d4731edbb	1129	securityContextStoredCallback(),
WFKnight	0:9b3d4731edbb	1130	passkeyDisplayCallback() { };
WFKnight	0:9b3d4731edbb	1131
WFKnight	0:9b3d4731edbb	1132	virtual void pairingResult(ble::connection_handle_t connectionHandle, SecurityCompletionStatus_t result) {
WFKnight	0:9b3d4731edbb	1133	if (securitySetupCompletedCallback) {
WFKnight	0:9b3d4731edbb	1134	securitySetupCompletedCallback(connectionHandle, result);
WFKnight	0:9b3d4731edbb	1135	}
WFKnight	0:9b3d4731edbb	1136	}
WFKnight	0:9b3d4731edbb	1137
WFKnight	0:9b3d4731edbb	1138	virtual void linkEncryptionResult(ble::connection_handle_t connectionHandle, ble::link_encryption_t result) {
WFKnight	0:9b3d4731edbb	1139	if (linkSecuredCallback) {
WFKnight	0:9b3d4731edbb	1140	SecurityManager::SecurityMode_t securityMode;
WFKnight	0:9b3d4731edbb	1141	if (result == ble::link_encryption_t::ENCRYPTED) {
WFKnight	0:9b3d4731edbb	1142	securityMode = SECURITY_MODE_ENCRYPTION_NO_MITM;
WFKnight	0:9b3d4731edbb	1143	} else if (
WFKnight	0:9b3d4731edbb	1144	result == ble::link_encryption_t::ENCRYPTED_WITH_MITM \|\|
WFKnight	0:9b3d4731edbb	1145	result == ble::link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM
WFKnight	0:9b3d4731edbb	1146	) {
WFKnight	0:9b3d4731edbb	1147	securityMode = SECURITY_MODE_ENCRYPTION_WITH_MITM;
WFKnight	0:9b3d4731edbb	1148	} else {
WFKnight	0:9b3d4731edbb	1149	securityMode = SECURITY_MODE_ENCRYPTION_OPEN_LINK;
WFKnight	0:9b3d4731edbb	1150	}
WFKnight	0:9b3d4731edbb	1151	linkSecuredCallback(connectionHandle, securityMode);
WFKnight	0:9b3d4731edbb	1152	}
WFKnight	0:9b3d4731edbb	1153	};
WFKnight	0:9b3d4731edbb	1154
WFKnight	0:9b3d4731edbb	1155	virtual void passkeyDisplay(ble::connection_handle_t connectionHandle, const SecurityManager::Passkey_t passkey) {
WFKnight	0:9b3d4731edbb	1156	if (passkeyDisplayCallback) {
WFKnight	0:9b3d4731edbb	1157	passkeyDisplayCallback(connectionHandle, passkey);
WFKnight	0:9b3d4731edbb	1158	}
WFKnight	0:9b3d4731edbb	1159	};
WFKnight	0:9b3d4731edbb	1160
WFKnight	0:9b3d4731edbb	1161	SecurityManager::SecuritySetupInitiatedCallback_t securitySetupInitiatedCallback;
WFKnight	0:9b3d4731edbb	1162	SecurityManager::SecuritySetupCompletedCallback_t securitySetupCompletedCallback;
WFKnight	0:9b3d4731edbb	1163	SecurityManager::LinkSecuredCallback_t linkSecuredCallback;
WFKnight	0:9b3d4731edbb	1164	SecurityManager::HandleSpecificEvent_t securityContextStoredCallback;
WFKnight	0:9b3d4731edbb	1165	SecurityManager::PasskeyDisplayCallback_t passkeyDisplayCallback;
WFKnight	0:9b3d4731edbb	1166	};
WFKnight	0:9b3d4731edbb	1167
WFKnight	0:9b3d4731edbb	1168	private:
WFKnight	0:9b3d4731edbb	1169	SecurityManagerShutdownCallbackChain_t shutdownCallChain;
WFKnight	0:9b3d4731edbb	1170
WFKnight	0:9b3d4731edbb	1171	protected:
WFKnight	0:9b3d4731edbb	1172	EventHandler* eventHandler;
WFKnight	0:9b3d4731edbb	1173	LegacyEventHandler defaultEventHandler;
WFKnight	0:9b3d4731edbb	1174	};
WFKnight	0:9b3d4731edbb	1175
WFKnight	0:9b3d4731edbb	1176	#endif /SECURITY_MANAGER_H_/

Repository toolbox

Repository details

Type:	Program
Mbed OS support:	Mbed OS
Created:	21 Jun 2018
Imports:	1
Forks:	0
Commits:	1
Dependents:	0
Dependencies:	0
Followers:	1

Important changes to repositories hosted on mbed.com

mbed-os/features/FEATURE_BLE/ble/SecurityManager.h@0:9b3d4731edbb, 2018-06-21 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Important changes to repositories hosted on mbed.com

mbed-os/features/FEATURE_BLE/ble/SecurityManager.h@0:9b3d4731edbb, 2018-06-21 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning