Kenji Arai / mbed-os_TYBLE16

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers GenericSecurityManager.h Source File

GenericSecurityManager.h

00001 /* mbed Microcontroller Library
00002  * Copyright (c) 2018 ARM Limited
00003  *
00004  * Licensed under the Apache License, Version 2.0 (the "License");
00005  * you may not use this file except in compliance with the License.
00006  * You may obtain a copy of the License at
00007  *
00008  *     http://www.apache.org/licenses/LICENSE-2.0
00009  *
00010  * Unless required by applicable law or agreed to in writing, software
00011  * distributed under the License is distributed on an "AS IS" BASIS,
00012  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00013  * See the License for the specific language governing permissions and
00014  * limitations under the License.
00015  */
00016 
00017 #ifndef _GENERIC_SECURITY_MANAGER_H_
00018 #define _GENERIC_SECURITY_MANAGER_H_
00019 
00020 #include "ble/SecurityManager.h"
00021 #include "ble/pal/GapTypes.h"
00022 #include "ble/BLETypes.h"
00023 #include "ble/generic/SecurityDb.h"
00024 #include "platform/Callback.h"
00025 #include "ble/pal/ConnectionEventMonitor.h"
00026 #include "ble/pal/SigningEventMonitor.h"
00027 #include "ble/generic/GenericGap.h"
00028 #include "ble/pal/PalSecurityManager.h"
00029 
00030 namespace ble {
00031 namespace generic {
00032 
00033 template <template<class> class TPalSecurityManager, template<class> class SigningMonitor>
00034 class GenericSecurityManager :
00035     public interface::SecurityManager<GenericSecurityManager<TPalSecurityManager, SigningMonitor > >, // SecurityManager
00036     public pal::SecurityManagerEventHandler<GenericSecurityManager<TPalSecurityManager, SigningMonitor> >, // PalSmEventHandler
00037     public pal::ConnectionEventMonitorEventHandler<GenericSecurityManager<TPalSecurityManager, SigningMonitor> >, // ConnectionObserver
00038     public pal::SigningMonitorEventHandler<GenericSecurityManager<TPalSecurityManager, SigningMonitor> > //SigningObserver
00039 {
00040     // typedefs
00041     typedef interface::SecurityManager<GenericSecurityManager> SecurityManager;
00042     typedef SigningMonitor<GenericSecurityManager> SigningEventMonitor;
00043     typedef typename TPalSecurityManager<GenericSecurityManager>::Base PalSecurityManager;
00044 
00045     // friends
00046     friend class pal::ConnectionEventMonitorEventHandler<GenericSecurityManager>;
00047 
00048     // imports from SecurityManager
00049     typedef typename SecurityManager::SecurityIOCapabilities_t SecurityIOCapabilities_t;
00050     typedef typename SecurityManager::SecurityMode_t SecurityMode_t;
00051     typedef typename SecurityManager::SecurityCompletionStatus_t SecurityCompletionStatus_t;
00052     typedef typename SecurityManager::Passkey_t Passkey_t;
00053     typedef typename SecurityManager::Keypress_t Keypress_t;
00054     typedef typename SecurityManager::EventHandler SecurityManagerEventHandler;
00055 
00056     using SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK;
00057     using SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM;
00058     using SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM;
00059     using SecurityManager::SECURITY_MODE_SIGNED_NO_MITM;
00060     using SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM;
00061     using SecurityManager::SEC_STATUS_TIMEOUT;
00062     using SecurityManager::SEC_STATUS_SUCCESS;
00063 
00064     using SecurityManager::eventHandler;
00065     using SecurityManager::requestPairing;
00066     using SecurityManager::getLinkEncryption;
00067     using SecurityManager::requestAuthentication;
00068     using SecurityManager::generateOOB;
00069     using SecurityManager::cancelPairingRequest;
00070     using SecurityManager::acceptPairingRequest;
00071 
00072 public:
00073 
00074     /* implements SecurityManager */
00075 
00076     ////////////////////////////////////////////////////////////////////////////
00077     // SM lifecycle management
00078     //
00079 
00080     ble_error_t init_(
00081         bool bondable,
00082         bool mitm,
00083         SecurityIOCapabilities_t iocaps,
00084         const uint8_t* passkey,
00085         bool signing,
00086         const char* db_path
00087     );
00088 
00089     ble_error_t setDatabaseFilepath_(const char *db_path = NULL);
00090 
00091     ble_error_t reset_();
00092 
00093     ble_error_t preserveBondingStateOnReset_(
00094         bool enabled
00095     );
00096 
00097     ////////////////////////////////////////////////////////////////////////////
00098     // List management
00099     //
00100 
00101     ble_error_t purgeAllBondingState_();
00102 
00103     ble_error_t generateWhitelistFromBondTable_(
00104         ::Gap::Whitelist_t *whitelist
00105     ) const;
00106 
00107     ////////////////////////////////////////////////////////////////////////////
00108     // Pairing
00109     //
00110 
00111     ble_error_t requestPairing_(
00112         connection_handle_t connection
00113     );
00114 
00115     ble_error_t acceptPairingRequest_(
00116         connection_handle_t connection
00117     );
00118 
00119     ble_error_t cancelPairingRequest_(
00120         connection_handle_t connection
00121     );
00122 
00123     ble_error_t setPairingRequestAuthorisation_(
00124         bool required = true
00125     );
00126 
00127     ////////////////////////////////////////////////////////////////////////////
00128     // Feature support
00129     //
00130 
00131     ble_error_t allowLegacyPairing_(
00132         bool allow = true
00133     );
00134 
00135     ble_error_t getSecureConnectionsSupport_(
00136         bool *enabled
00137     );
00138 
00139     ////////////////////////////////////////////////////////////////////////////
00140     // Security settings
00141     //
00142 
00143     ble_error_t setIoCapability_(
00144         SecurityIOCapabilities_t iocaps
00145     );
00146 
00147     ble_error_t setDisplayPasskey_(
00148         const uint8_t* passkey
00149     );
00150 
00151     ble_error_t setAuthenticationTimeout_(
00152         connection_handle_t connection,
00153         uint32_t timeout_in_ms
00154     );
00155 
00156     ble_error_t getAuthenticationTimeout_(
00157         connection_handle_t connection,
00158         uint32_t *timeout_in_ms
00159     );
00160 
00161     ble_error_t setLinkSecurity_(
00162         connection_handle_t connection,
00163         SecurityMode_t securityMode
00164     );
00165 
00166     ble_error_t setKeypressNotification_(
00167         bool enabled
00168     );
00169 
00170     ble_error_t enableSigning_(
00171         connection_handle_t connection,
00172         bool enabled
00173     );
00174 
00175     ble_error_t setHintFutureRoleReversal_(
00176         bool enable
00177     );
00178 
00179     ////////////////////////////////////////////////////////////////////////////
00180     // Encryption
00181     //
00182 
00183     ble_error_t getLinkEncryption_(
00184         connection_handle_t connection,
00185         link_encryption_t *encryption
00186     );
00187 
00188     ble_error_t setLinkEncryption_(
00189         connection_handle_t connection,
00190         link_encryption_t encryption
00191     );
00192 
00193     ble_error_t getEncryptionKeySize_(
00194         connection_handle_t connection,
00195         uint8_t *size
00196     );
00197 
00198     ble_error_t setEncryptionKeyRequirements_(
00199         uint8_t minimumByteSize,
00200         uint8_t maximumByteSize
00201     );
00202 
00203     ////////////////////////////////////////////////////////////////////////////
00204     // Privacy
00205     //
00206 
00207     ble_error_t setPrivateAddressTimeout_(
00208         uint16_t timeout_in_seconds
00209     );
00210 
00211     ////////////////////////////////////////////////////////////////////////////
00212     // Keys
00213     //
00214 
00215     ble_error_t getSigningKey_(
00216         connection_handle_t connection,
00217         bool authenticated
00218     );
00219 
00220     ////////////////////////////////////////////////////////////////////////////
00221     // Authentication
00222     //
00223 
00224     ble_error_t requestAuthentication_(
00225         connection_handle_t connection
00226     );
00227 
00228     ////////////////////////////////////////////////////////////////////////////
00229     // MITM
00230     //
00231 
00232     ble_error_t generateOOB_(
00233         const address_t *address
00234     );
00235 
00236     ble_error_t setOOBDataUsage_(
00237         connection_handle_t connection,
00238         bool useOOB,
00239         bool OOBProvidesMITM
00240     );
00241 
00242     ble_error_t confirmationEntered_(
00243         connection_handle_t connection,
00244         bool confirmation
00245     );
00246 
00247     ble_error_t passkeyEntered_(
00248         connection_handle_t connection,
00249         Passkey_t passkey
00250     );
00251 
00252     ble_error_t sendKeypressNotification_(
00253         connection_handle_t connection,
00254         Keypress_t keypress
00255     );
00256 
00257     ble_error_t legacyPairingOobReceived_(
00258         const address_t *address,
00259         const oob_tk_t *tk
00260     );
00261 
00262     ble_error_t oobReceived_(
00263         const address_t *address,
00264         const oob_lesc_value_t *random,
00265         const oob_confirm_t *confirm
00266     );
00267 
00268     /* ends implements SecurityManager */
00269 
00270 public:
00271     GenericSecurityManager(
00272         PalSecurityManager &palImpl,
00273         pal::ConnectionEventMonitor<GenericSecurityManager> &connMonitorImpl,
00274         SigningEventMonitor &signingMonitorImpl
00275     ) : _pal(palImpl),
00276         _connection_monitor(connMonitorImpl),
00277         _signing_monitor(signingMonitorImpl),
00278         _db(NULL),
00279         _default_authentication(0),
00280         _default_key_distribution(pal::KeyDistribution::KEY_DISTRIBUTION_ALL),
00281         _pairing_authorisation_required(false),
00282         _legacy_pairing_allowed(true),
00283         _master_sends_keys(false) {
00284         _pal.set_event_handler(this);
00285 
00286         /* We create a fake value for oob to allow creation of the next oob which needs
00287          * the last process to finish first before restarting (this is to simplify checking).
00288          * This fake value will not be used as the oob address is currently invalid */
00289         _oob_local_random[0] = 1;
00290     }
00291 
00292     ~GenericSecurityManager() {
00293         delete _db;
00294     }
00295 
00296     ////////////////////////////////////////////////////////////////////////////
00297     // Helper functions
00298     //
00299 
00300 private:
00301 
00302     /**
00303      * Initialise the database, if database already exists it will close it and open the new one.
00304      *
00305      * @param db_path path to file to store secure db
00306      * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
00307      */
00308     ble_error_t init_database(const char *db_path = NULL);
00309 
00310     /**
00311      * Generate identity list based on the database of IRK and apply it to the resolving list.
00312      *
00313      * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
00314      */
00315     ble_error_t init_resolving_list();
00316 
00317     /**
00318      * Generate the CSRK if needed.
00319      *
00320      * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
00321      */
00322     ble_error_t init_signing();
00323 
00324     /**
00325      * Fills the buffer with the specified number of bytes of random data
00326      * produced by the link controller
00327      *
00328      * @param[out] buffer buffer to be filled with random data
00329      * @param[in] size number of bytes to fill with random data
00330      * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
00331      */
00332     ble_error_t get_random_data(
00333         uint8_t *buffer,
00334         size_t size
00335     );
00336 
00337     /**
00338      * Send slave security request based on current link settings.
00339      *
00340      * @param[in] connectionHandle Handle to identify the connection.
00341      * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
00342      */
00343     ble_error_t slave_security_request(
00344         connection_handle_t connection
00345     );
00346 
00347     /**
00348      * Enable encryption on the link, depending on whether device is master or slave.
00349      *
00350      * @param[in] connectionHandle Handle to identify the connection.
00351      * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
00352      */
00353     ble_error_t enable_encryption(
00354         connection_handle_t connection
00355     );
00356 
00357     /**
00358      * Returns the requested LTK to the PAL. Called by the security db.
00359      *
00360      * @param[in] entry security entry returned by the database.
00361      * @param[in] entryKeys security entry containing keys.
00362      */
00363     void enable_encryption_cb(
00364         SecurityDb::entry_handle_t entry,
00365         const SecurityEntryKeys_t* entryKeys
00366     );
00367 
00368     /**
00369      * Returns the requested LTK to the PAL. Called by the security db.
00370      *
00371      * @param[in] entry security entry returned by the database.
00372      * @param[in] entryKeys security entry containing keys.
00373      */
00374     void set_ltk_cb(
00375         SecurityDb::entry_handle_t entry,
00376         const SecurityEntryKeys_t* entryKeys
00377     );
00378 
00379     /**
00380      * Returns the CSRK for the connection. Called by the security db.
00381      *
00382      * @param[in] connectionHandle Handle to identify the connection.
00383      * @param[in] signing connection signature resolving key and counter.
00384      */
00385     void return_csrk_cb(
00386         SecurityDb::entry_handle_t connection,
00387         const SecurityEntrySigning_t *signing
00388     );
00389 
00390     /**
00391      * Set the peer CSRK for the connection. Called by the security db.
00392      *
00393      * @param[in] connectionHandle Handle to identify the connection.
00394      * @param[in] signing connection signature resolving key and counter.
00395      */
00396     void set_peer_csrk_cb(
00397         SecurityDb::entry_handle_t connection,
00398         const SecurityEntrySigning_t *signing
00399     );
00400 
00401     /**
00402      * Updates the entry for the connection with OOB data presence.
00403      *
00404      * @param[in] connectionHandle Handle to identify the connection.
00405      */
00406     void update_oob_presence(
00407         connection_handle_t connection
00408     );
00409 
00410     /**
00411      * Set the MITM protection setting on the database entry
00412      *
00413      * @param[in] connectionHandle Handle to identify the connection.
00414      * @param[in] enable if true set the MITM protection to on.
00415      */
00416     void set_mitm_performed(
00417         connection_handle_t connection,
00418         bool enable = true
00419     );
00420 
00421     /**
00422      * Inform the Security manager of a new connection. This will create
00423      * or retrieve an existing security manager entry for the connected device.
00424      * Called by GAP.
00425      *
00426      * @param[in] connectionHandle Handle to identify the connection.
00427      * @param[in] is_master True if device is the master.
00428      * @param[in] peer_address_type type of address.
00429      * @param[in] peer_address Address of the connected device.
00430      * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
00431      */
00432     void on_connected_(
00433         connection_handle_t connection,
00434         ::Gap::Role_t role,
00435         peer_address_type_t peer_address_type,
00436         const BLEProtocol::AddressBytes_t peer_address,
00437         BLEProtocol::AddressType_t local_address_type,
00438         const BLEProtocol::AddressBytes_t local_address,
00439         const ::Gap::ConnectionParams_t *connection_params
00440     );
00441 
00442     /**
00443      * Inform the security manager that a device has been disconnected and its
00444      * entry can be put in NVM storage. Called by GAP.
00445      *
00446      * @param[in] connectionHandle Handle to identify the connection.
00447      * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
00448      */
00449     void on_disconnected_(
00450         connection_handle_t connection,
00451         ::Gap::DisconnectionReason_t reason
00452     );
00453 
00454     /**
00455      * Callback invoked by the secure DB when an identity entry has been
00456      * retrieved.
00457      * @param entry Handle of the entry.
00458      * @param identity The identity associated with the entry; may be NULL.
00459      */
00460     void on_security_entry_retrieved(
00461         SecurityDb::entry_handle_t entry,
00462         const SecurityEntryIdentity_t* identity
00463     );
00464 
00465     /**
00466      * Callback invoked by the secure DB when the identity list has been
00467      * retrieved.
00468      *
00469      * @param identity View to the array passed to the secure DB. It contains
00470      * identity entries retrieved.
00471      *
00472      * @param count Number of identities entries retrieved.
00473      */
00474     void on_identity_list_retrieved(
00475         Span<SecurityEntryIdentity_t>& identity_list,
00476         size_t count
00477     );
00478 
00479 private:
00480     struct ControlBlock_t {
00481         ControlBlock_t();
00482 
00483         pal::KeyDistribution get_initiator_key_distribution() {
00484             return pal::KeyDistribution(initiator_key_distribution);
00485         };
00486         pal::KeyDistribution get_responder_key_distribution() {
00487             return pal::KeyDistribution(responder_key_distribution);
00488         };
00489         void set_initiator_key_distribution(pal::KeyDistribution mask) {
00490             initiator_key_distribution = mask.value();
00491         };
00492         void set_responder_key_distribution(pal::KeyDistribution mask) {
00493             responder_key_distribution = mask.value();
00494         };
00495 
00496         connection_handle_t connection;
00497         SecurityDb::entry_handle_t db_entry;
00498 
00499         address_t local_address; /**< address used for connection, possibly different from identity */
00500 
00501     private:
00502         uint8_t initiator_key_distribution:4;
00503         uint8_t responder_key_distribution:4;
00504     public:
00505         uint8_t connected:1;
00506         uint8_t authenticated:1; /**< have we turned encryption on during this connection */
00507         uint8_t is_master:1;
00508 
00509         uint8_t encryption_requested:1;
00510         uint8_t encryption_failed:1;
00511         uint8_t encrypted:1;
00512         uint8_t signing_requested:1;
00513         uint8_t signing_override_default:1;
00514 
00515         uint8_t mitm_requested:1;
00516         uint8_t mitm_performed:1; /**< keys exchange will have MITM protection */
00517 
00518         uint8_t attempt_oob:1;
00519         uint8_t oob_mitm_protection:1;
00520         uint8_t oob_present:1;
00521         uint8_t legacy_pairing_oob_request_pending:1;
00522 
00523         uint8_t csrk_failures:2;
00524     };
00525 
00526     PalSecurityManager &_pal;
00527     pal::ConnectionEventMonitor<GenericSecurityManager> &_connection_monitor;
00528     SigningEventMonitor &_signing_monitor;
00529 
00530     SecurityDb *_db;
00531 
00532     /* OOB data */
00533     address_t _oob_local_address;
00534     address_t _oob_peer_address;
00535     oob_lesc_value_t _oob_peer_random;
00536     oob_confirm_t _oob_peer_confirm;
00537     oob_lesc_value_t _oob_local_random;
00538     address_t _oob_temporary_key_creator_address; /**< device which generated and sent the TK */
00539     oob_tk_t _oob_temporary_key; /**< used for legacy pairing */
00540 
00541     pal::AuthenticationMask _default_authentication;
00542     pal::KeyDistribution _default_key_distribution;
00543 
00544     bool _pairing_authorisation_required;
00545     bool _legacy_pairing_allowed;
00546     bool _master_sends_keys;
00547 
00548     static const size_t MAX_CONTROL_BLOCKS = 5;
00549     ControlBlock_t _control_blocks[MAX_CONTROL_BLOCKS];
00550 
00551     /* implements ble::pal::SecurityManager::EventHandler */
00552 public:
00553     ////////////////////////////////////////////////////////////////////////////
00554     // Pairing
00555     //
00556 
00557     /** @copydoc ble::pal::SecurityManager::on_pairing_request
00558      */
00559     void on_pairing_request_(
00560         connection_handle_t connection,
00561         bool use_oob,
00562         pal::AuthenticationMask authentication,
00563         pal::KeyDistribution initiator_dist,
00564         pal::KeyDistribution responder_dist
00565     );
00566 
00567     /** @copydoc ble::pal::SecurityManager::on_pairing_error
00568      */
00569     void on_pairing_error_(
00570         connection_handle_t connection,
00571         pairing_failure_t error
00572     );
00573 
00574     /** @copydoc ble::pal::SecurityManager::on_pairing_timed_out
00575      */
00576     void on_pairing_timed_out_(
00577         connection_handle_t connection
00578     );
00579 
00580     /** @copydoc ble::pal::SecurityManager::on_pairing_completed
00581      */
00582     void on_pairing_completed_(
00583         connection_handle_t connection
00584     );
00585 
00586     ////////////////////////////////////////////////////////////////////////////
00587     // Security
00588     //
00589 
00590     /** @copydoc ble::pal::SecurityManager::on_valid_mic_timeout
00591      */
00592     void on_valid_mic_timeout_(
00593         connection_handle_t connection
00594     );
00595 
00596     /** @copydoc ble::pal::SecurityManager::on_signed_write_received
00597      */
00598     void on_signed_write_received_(
00599         connection_handle_t connection,
00600         uint32_t sign_coutner
00601     );
00602 
00603     /** @copydoc ble::pal::SecurityManager::on_signed_write_verification_failure
00604      */
00605     void on_signed_write_verification_failure_(
00606         connection_handle_t connection
00607     );
00608 
00609     /** @copydoc ble::pal::SecurityManager::on_signed_write
00610      */
00611     void on_signed_write_();
00612 
00613     /** @copydoc ble::pal::SecurityManager::on_slave_security_request
00614      */
00615     void on_slave_security_request_(
00616         connection_handle_t connection,
00617         pal::AuthenticationMask authentication
00618     );
00619 
00620     ////////////////////////////////////////////////////////////////////////////
00621     // Encryption
00622     //
00623 
00624     /** @copydoc ble::pal::SecurityManager::on_link_encryption_result
00625      */
00626     void on_link_encryption_result_(
00627         connection_handle_t connection,
00628         link_encryption_t result
00629     );
00630 
00631     /** @copydoc ble::pal::SecurityManager::on_link_encryption_request_timed_out
00632      */
00633     void on_link_encryption_request_timed_out_(
00634         connection_handle_t connection
00635     );
00636 
00637     ////////////////////////////////////////////////////////////////////////////
00638     // MITM
00639     //
00640 
00641     /** @copydoc ble::pal::SecurityManager::on_passkey_display
00642      */
00643     void on_passkey_display_(
00644         connection_handle_t connection,
00645         passkey_num_t passkey
00646     );
00647 
00648     /** @copydoc ble::pal::SecurityManager::on_keypress_notification
00649      */
00650     void on_keypress_notification_(
00651         connection_handle_t connection,
00652         Keypress_t keypress
00653     );
00654 
00655     /** @copydoc ble::pal::SecurityManager::on_passkey_request
00656      */
00657     void on_passkey_request_(
00658         connection_handle_t connection
00659     );
00660 
00661     /** @copydoc ble::pal::SecurityManager::on_confirmation_request
00662      */
00663     void on_confirmation_request_(
00664         connection_handle_t connection
00665     );
00666 
00667     /** @copydoc ble::pal::SecurityManager::on_secure_connections_oob_request
00668      */
00669     void on_secure_connections_oob_request_(
00670         connection_handle_t connection
00671     );
00672 
00673     /** @copydoc ble::pal::SecurityManager::on_legacy_pairing_oob_request
00674      */
00675     void on_legacy_pairing_oob_request_(
00676         connection_handle_t connection
00677     );
00678 
00679     /** @copydoc ble::pal::SecurityManager::on_secure_connections_oob_generated
00680      */
00681     void on_secure_connections_oob_generated_(
00682         const oob_lesc_value_t &random,
00683         const oob_confirm_t &confirm
00684     );
00685 
00686     ////////////////////////////////////////////////////////////////////////////
00687     // Keys
00688     //
00689 
00690     /** @copydoc ble::pal::SecurityManager::on_secure_connections_ltk_generated
00691      */
00692     void on_secure_connections_ltk_generated_(
00693         connection_handle_t connection,
00694         const ltk_t &ltk
00695     );
00696 
00697     /** @copydoc ble::pal::SecurityManager::on_keys_distributed_ltk
00698      */
00699     void on_keys_distributed_ltk_(
00700         connection_handle_t connection,
00701         const ltk_t &ltk
00702     );
00703 
00704     /** @copydoc ble::pal::SecurityManager::on_keys_distributed_ediv_rand
00705      */
00706     void on_keys_distributed_ediv_rand_(
00707         connection_handle_t connection,
00708         const ediv_t &ediv,
00709         const rand_t &rand
00710     );
00711 
00712     /** @copydoc ble::pal::SecurityManager::on_keys_distributed_local_ltk
00713      */
00714     void on_keys_distributed_local_ltk_(
00715         connection_handle_t connection,
00716         const ltk_t &ltk
00717     );
00718 
00719     /** @copydoc ble::pal::SecurityManager::on_keys_distributed_local_ediv_rand
00720      */
00721     void on_keys_distributed_local_ediv_rand_(
00722         connection_handle_t connection,
00723         const ediv_t &ediv,
00724         const rand_t &rand
00725     );
00726 
00727     /** @copydoc ble::pal::SecurityManager::on_keys_distributed_irk
00728      */
00729     void on_keys_distributed_irk_(
00730         connection_handle_t connection,
00731         const irk_t &irk
00732     );
00733 
00734     /** @copydoc ble::pal::SecurityManager::on_keys_distributed_bdaddr
00735      */
00736     void on_keys_distributed_bdaddr_(
00737         connection_handle_t connection,
00738         pal::advertising_peer_address_type_t peer_address_type,
00739         const address_t &peer_identity_address
00740     );
00741 
00742     /** @copydoc ble::pal::SecurityManager::on_keys_distributed_csrk
00743      */
00744     void on_keys_distributed_csrk_(
00745         connection_handle_t connection,
00746         const csrk_t &csrk
00747     );
00748 
00749     /** @copydoc ble::pal::SecurityManager::on_ltk_requeston_ltk_request
00750      */
00751     void on_ltk_request_(
00752         connection_handle_t connection,
00753         const ediv_t &ediv,
00754         const rand_t &rand
00755     );
00756 
00757     /** @copydoc ble::pal::SecurityManager::on_ltk_requeston_ltk_request
00758      */
00759     void on_ltk_request_(
00760         connection_handle_t connection
00761     );
00762 
00763     /* end implements ble::pal::SecurityManager::EventHandler */
00764 
00765     /* list management */
00766 
00767     ControlBlock_t* acquire_control_block(connection_handle_t connection);
00768 
00769     ControlBlock_t* get_control_block(connection_handle_t connection);
00770 
00771     ControlBlock_t* get_control_block(const address_t &peer_address);
00772 
00773     ControlBlock_t* get_control_block(SecurityDb::entry_handle_t db_entry);
00774 
00775     void release_control_block(ControlBlock_t* entry);
00776 };
00777 
00778 
00779 } /* namespace generic */
00780 } /* namespace ble */
00781 
00782 
00783 #endif /*_GENERIC_SECURITY_MANAGER_H_*/