Marco Zecchini
Rtos API example
mbed-os/features/FEATURE_BLE/ble/SecurityManager.h@0:9fca2b23d0ba, 2019-02-23 (annotated)
- Committer:
- marcozecchini
- Date:
- Sat Feb 23 12:13:36 2019 +0000
- Revision:
- 0:9fca2b23d0ba
final commit
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| marcozecchini | 0:9fca2b23d0ba | 1 | /* mbed Microcontroller Library |
| marcozecchini | 0:9fca2b23d0ba | 2 | * Copyright (c) 2006-2015 ARM Limited |
| marcozecchini | 0:9fca2b23d0ba | 3 | * |
| marcozecchini | 0:9fca2b23d0ba | 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| marcozecchini | 0:9fca2b23d0ba | 5 | * you may not use this file except in compliance with the License. |
| marcozecchini | 0:9fca2b23d0ba | 6 | * You may obtain a copy of the License at |
| marcozecchini | 0:9fca2b23d0ba | 7 | * |
| marcozecchini | 0:9fca2b23d0ba | 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| marcozecchini | 0:9fca2b23d0ba | 9 | * |
| marcozecchini | 0:9fca2b23d0ba | 10 | * Unless required by applicable law or agreed to in writing, software |
| marcozecchini | 0:9fca2b23d0ba | 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| marcozecchini | 0:9fca2b23d0ba | 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| marcozecchini | 0:9fca2b23d0ba | 13 | * See the License for the specific language governing permissions and |
| marcozecchini | 0:9fca2b23d0ba | 14 | * limitations under the License. |
| marcozecchini | 0:9fca2b23d0ba | 15 | */ |
| marcozecchini | 0:9fca2b23d0ba | 16 | |
| marcozecchini | 0:9fca2b23d0ba | 17 | #ifndef __SECURITY_MANAGER_H__ |
| marcozecchini | 0:9fca2b23d0ba | 18 | #define __SECURITY_MANAGER_H__ |
| marcozecchini | 0:9fca2b23d0ba | 19 | |
| marcozecchini | 0:9fca2b23d0ba | 20 | #include <stdint.h> |
| marcozecchini | 0:9fca2b23d0ba | 21 | |
| marcozecchini | 0:9fca2b23d0ba | 22 | #include "Gap.h" |
| marcozecchini | 0:9fca2b23d0ba | 23 | #include "CallChainOfFunctionPointersWithContext.h" |
| marcozecchini | 0:9fca2b23d0ba | 24 | |
| marcozecchini | 0:9fca2b23d0ba | 25 | class SecurityManager { |
| marcozecchini | 0:9fca2b23d0ba | 26 | public: |
| marcozecchini | 0:9fca2b23d0ba | 27 | enum SecurityMode_t { |
| marcozecchini | 0:9fca2b23d0ba | 28 | SECURITY_MODE_NO_ACCESS, |
| marcozecchini | 0:9fca2b23d0ba | 29 | SECURITY_MODE_ENCRYPTION_OPEN_LINK, /**< Require no protection, open link. */ |
| marcozecchini | 0:9fca2b23d0ba | 30 | SECURITY_MODE_ENCRYPTION_NO_MITM, /**< Require encryption, but no MITM protection. */ |
| marcozecchini | 0:9fca2b23d0ba | 31 | SECURITY_MODE_ENCRYPTION_WITH_MITM, /**< Require encryption and MITM protection. */ |
| marcozecchini | 0:9fca2b23d0ba | 32 | SECURITY_MODE_SIGNED_NO_MITM, /**< Require signing or encryption, but no MITM protection. */ |
| marcozecchini | 0:9fca2b23d0ba | 33 | SECURITY_MODE_SIGNED_WITH_MITM, /**< Require signing or encryption, and MITM protection. */ |
| marcozecchini | 0:9fca2b23d0ba | 34 | }; |
| marcozecchini | 0:9fca2b23d0ba | 35 | |
| marcozecchini | 0:9fca2b23d0ba | 36 | /** |
| marcozecchini | 0:9fca2b23d0ba | 37 | * @brief Defines possible security status or states. |
| marcozecchini | 0:9fca2b23d0ba | 38 | * |
| marcozecchini | 0:9fca2b23d0ba | 39 | * @details Defines possible security status or states of a link when requested by getLinkSecurity(). |
| marcozecchini | 0:9fca2b23d0ba | 40 | */ |
| marcozecchini | 0:9fca2b23d0ba | 41 | enum LinkSecurityStatus_t { |
| marcozecchini | 0:9fca2b23d0ba | 42 | NOT_ENCRYPTED, /**< The link is not secured. */ |
| marcozecchini | 0:9fca2b23d0ba | 43 | ENCRYPTION_IN_PROGRESS, /**< Link security is being established.*/ |
| marcozecchini | 0:9fca2b23d0ba | 44 | ENCRYPTED /**< The link is secure.*/ |
| marcozecchini | 0:9fca2b23d0ba | 45 | }; |
| marcozecchini | 0:9fca2b23d0ba | 46 | |
| marcozecchini | 0:9fca2b23d0ba | 47 | enum SecurityIOCapabilities_t { |
| marcozecchini | 0:9fca2b23d0ba | 48 | IO_CAPS_DISPLAY_ONLY = 0x00, /**< Display only. */ |
| marcozecchini | 0:9fca2b23d0ba | 49 | IO_CAPS_DISPLAY_YESNO = 0x01, /**< Display and yes/no entry. */ |
| marcozecchini | 0:9fca2b23d0ba | 50 | IO_CAPS_KEYBOARD_ONLY = 0x02, /**< Keyboard only. */ |
| marcozecchini | 0:9fca2b23d0ba | 51 | IO_CAPS_NONE = 0x03, /**< No I/O capabilities. */ |
| marcozecchini | 0:9fca2b23d0ba | 52 | IO_CAPS_KEYBOARD_DISPLAY = 0x04, /**< Keyboard and display. */ |
| marcozecchini | 0:9fca2b23d0ba | 53 | }; |
| marcozecchini | 0:9fca2b23d0ba | 54 | |
| marcozecchini | 0:9fca2b23d0ba | 55 | enum SecurityCompletionStatus_t { |
| marcozecchini | 0:9fca2b23d0ba | 56 | SEC_STATUS_SUCCESS = 0x00, /**< Procedure completed with success. */ |
| marcozecchini | 0:9fca2b23d0ba | 57 | SEC_STATUS_TIMEOUT = 0x01, /**< Procedure timed out. */ |
| marcozecchini | 0:9fca2b23d0ba | 58 | SEC_STATUS_PDU_INVALID = 0x02, /**< Invalid PDU received. */ |
| marcozecchini | 0:9fca2b23d0ba | 59 | SEC_STATUS_PASSKEY_ENTRY_FAILED = 0x81, /**< Passkey entry failed (user canceled or other). */ |
| marcozecchini | 0:9fca2b23d0ba | 60 | SEC_STATUS_OOB_NOT_AVAILABLE = 0x82, /**< Out of Band Key not available. */ |
| marcozecchini | 0:9fca2b23d0ba | 61 | SEC_STATUS_AUTH_REQ = 0x83, /**< Authentication requirements not met. */ |
| marcozecchini | 0:9fca2b23d0ba | 62 | SEC_STATUS_CONFIRM_VALUE = 0x84, /**< Confirm value failed. */ |
| marcozecchini | 0:9fca2b23d0ba | 63 | SEC_STATUS_PAIRING_NOT_SUPP = 0x85, /**< Pairing not supported. */ |
| marcozecchini | 0:9fca2b23d0ba | 64 | SEC_STATUS_ENC_KEY_SIZE = 0x86, /**< Encryption key size. */ |
| marcozecchini | 0:9fca2b23d0ba | 65 | SEC_STATUS_SMP_CMD_UNSUPPORTED = 0x87, /**< Unsupported SMP command. */ |
| marcozecchini | 0:9fca2b23d0ba | 66 | SEC_STATUS_UNSPECIFIED = 0x88, /**< Unspecified reason. */ |
| marcozecchini | 0:9fca2b23d0ba | 67 | SEC_STATUS_REPEATED_ATTEMPTS = 0x89, /**< Too little time elapsed since last attempt. */ |
| marcozecchini | 0:9fca2b23d0ba | 68 | SEC_STATUS_INVALID_PARAMS = 0x8A, /**< Invalid parameters. */ |
| marcozecchini | 0:9fca2b23d0ba | 69 | }; |
| marcozecchini | 0:9fca2b23d0ba | 70 | |
| marcozecchini | 0:9fca2b23d0ba | 71 | /** |
| marcozecchini | 0:9fca2b23d0ba | 72 | * Declaration of type containing a passkey to be used during pairing. This |
| marcozecchini | 0:9fca2b23d0ba | 73 | * is passed into initializeSecurity() to specify a pre-programmed passkey |
| marcozecchini | 0:9fca2b23d0ba | 74 | * for authentication instead of generating a random one. |
| marcozecchini | 0:9fca2b23d0ba | 75 | */ |
| marcozecchini | 0:9fca2b23d0ba | 76 | static const unsigned PASSKEY_LEN = 6; |
| marcozecchini | 0:9fca2b23d0ba | 77 | typedef uint8_t Passkey_t[PASSKEY_LEN]; /**< 6-digit passkey in ASCII ('0'-'9' digits only). */ |
| marcozecchini | 0:9fca2b23d0ba | 78 | |
| marcozecchini | 0:9fca2b23d0ba | 79 | public: |
| marcozecchini | 0:9fca2b23d0ba | 80 | typedef void (*HandleSpecificEvent_t)(Gap::Handle_t handle); |
| marcozecchini | 0:9fca2b23d0ba | 81 | typedef void (*SecuritySetupInitiatedCallback_t)(Gap::Handle_t, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps); |
| marcozecchini | 0:9fca2b23d0ba | 82 | typedef void (*SecuritySetupCompletedCallback_t)(Gap::Handle_t, SecurityCompletionStatus_t status); |
| marcozecchini | 0:9fca2b23d0ba | 83 | typedef void (*LinkSecuredCallback_t)(Gap::Handle_t handle, SecurityMode_t securityMode); |
| marcozecchini | 0:9fca2b23d0ba | 84 | typedef void (*PasskeyDisplayCallback_t)(Gap::Handle_t handle, const Passkey_t passkey); |
| marcozecchini | 0:9fca2b23d0ba | 85 | |
| marcozecchini | 0:9fca2b23d0ba | 86 | typedef FunctionPointerWithContext<const SecurityManager *> SecurityManagerShutdownCallback_t; |
| marcozecchini | 0:9fca2b23d0ba | 87 | typedef CallChainOfFunctionPointersWithContext<const SecurityManager *> SecurityManagerShutdownCallbackChain_t; |
| marcozecchini | 0:9fca2b23d0ba | 88 | |
| marcozecchini | 0:9fca2b23d0ba | 89 | /* |
| marcozecchini | 0:9fca2b23d0ba | 90 | * The following functions are meant to be overridden in the platform-specific sub-class. |
| marcozecchini | 0:9fca2b23d0ba | 91 | */ |
| marcozecchini | 0:9fca2b23d0ba | 92 | public: |
| marcozecchini | 0:9fca2b23d0ba | 93 | /** |
| marcozecchini | 0:9fca2b23d0ba | 94 | * Enable the BLE stack's Security Manager. The Security Manager implements |
| marcozecchini | 0:9fca2b23d0ba | 95 | * the actual cryptographic algorithms and protocol exchanges that allow two |
| marcozecchini | 0:9fca2b23d0ba | 96 | * devices to securely exchange data and privately detect each other. |
| marcozecchini | 0:9fca2b23d0ba | 97 | * Calling this API is a prerequisite for encryption and pairing (bonding). |
| marcozecchini | 0:9fca2b23d0ba | 98 | * |
| marcozecchini | 0:9fca2b23d0ba | 99 | * @param[in] enableBonding Allow for bonding. |
| marcozecchini | 0:9fca2b23d0ba | 100 | * @param[in] requireMITM Require protection for man-in-the-middle attacks. |
| marcozecchini | 0:9fca2b23d0ba | 101 | * @param[in] iocaps To specify the I/O capabilities of this peripheral, |
| marcozecchini | 0:9fca2b23d0ba | 102 | * such as availability of a display or keyboard, to |
| marcozecchini | 0:9fca2b23d0ba | 103 | * support out-of-band exchanges of security data. |
| marcozecchini | 0:9fca2b23d0ba | 104 | * @param[in] passkey To specify a static passkey. |
| marcozecchini | 0:9fca2b23d0ba | 105 | * |
| marcozecchini | 0:9fca2b23d0ba | 106 | * @return BLE_ERROR_NONE on success. |
| marcozecchini | 0:9fca2b23d0ba | 107 | */ |
| marcozecchini | 0:9fca2b23d0ba | 108 | virtual ble_error_t init(bool enableBonding = true, |
| marcozecchini | 0:9fca2b23d0ba | 109 | bool requireMITM = true, |
| marcozecchini | 0:9fca2b23d0ba | 110 | SecurityIOCapabilities_t iocaps = IO_CAPS_NONE, |
| marcozecchini | 0:9fca2b23d0ba | 111 | const Passkey_t passkey = NULL) { |
| marcozecchini | 0:9fca2b23d0ba | 112 | /* Avoid compiler warnings about unused variables. */ |
| marcozecchini | 0:9fca2b23d0ba | 113 | (void)enableBonding; |
| marcozecchini | 0:9fca2b23d0ba | 114 | (void)requireMITM; |
| marcozecchini | 0:9fca2b23d0ba | 115 | (void)iocaps; |
| marcozecchini | 0:9fca2b23d0ba | 116 | (void)passkey; |
| marcozecchini | 0:9fca2b23d0ba | 117 | |
| marcozecchini | 0:9fca2b23d0ba | 118 | return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ |
| marcozecchini | 0:9fca2b23d0ba | 119 | } |
| marcozecchini | 0:9fca2b23d0ba | 120 | |
| marcozecchini | 0:9fca2b23d0ba | 121 | /** |
| marcozecchini | 0:9fca2b23d0ba | 122 | * Get the security status of a connection. |
| marcozecchini | 0:9fca2b23d0ba | 123 | * |
| marcozecchini | 0:9fca2b23d0ba | 124 | * @param[in] connectionHandle Handle to identify the connection. |
| marcozecchini | 0:9fca2b23d0ba | 125 | * @param[out] securityStatusP Security status. |
| marcozecchini | 0:9fca2b23d0ba | 126 | * |
| marcozecchini | 0:9fca2b23d0ba | 127 | * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason. |
| marcozecchini | 0:9fca2b23d0ba | 128 | */ |
| marcozecchini | 0:9fca2b23d0ba | 129 | virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) { |
| marcozecchini | 0:9fca2b23d0ba | 130 | /* Avoid compiler warnings about unused variables. */ |
| marcozecchini | 0:9fca2b23d0ba | 131 | (void)connectionHandle; |
| marcozecchini | 0:9fca2b23d0ba | 132 | (void)securityStatusP; |
| marcozecchini | 0:9fca2b23d0ba | 133 | |
| marcozecchini | 0:9fca2b23d0ba | 134 | return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ |
| marcozecchini | 0:9fca2b23d0ba | 135 | } |
| marcozecchini | 0:9fca2b23d0ba | 136 | |
| marcozecchini | 0:9fca2b23d0ba | 137 | /** |
| marcozecchini | 0:9fca2b23d0ba | 138 | * Set the security mode on a connection. Useful for elevating the security mode |
| marcozecchini | 0:9fca2b23d0ba | 139 | * once certain conditions are met, e.g., a particular service is found. |
| marcozecchini | 0:9fca2b23d0ba | 140 | * |
| marcozecchini | 0:9fca2b23d0ba | 141 | * @param[in] connectionHandle Handle to identify the connection. |
| marcozecchini | 0:9fca2b23d0ba | 142 | * @param[in] securityMode Requested security mode. |
| marcozecchini | 0:9fca2b23d0ba | 143 | * |
| marcozecchini | 0:9fca2b23d0ba | 144 | * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason. |
| marcozecchini | 0:9fca2b23d0ba | 145 | */ |
| marcozecchini | 0:9fca2b23d0ba | 146 | virtual ble_error_t setLinkSecurity(Gap::Handle_t connectionHandle, SecurityMode_t securityMode) { |
| marcozecchini | 0:9fca2b23d0ba | 147 | /* Avoid compiler warnings about unused variables. */ |
| marcozecchini | 0:9fca2b23d0ba | 148 | (void)connectionHandle; |
| marcozecchini | 0:9fca2b23d0ba | 149 | (void)securityMode; |
| marcozecchini | 0:9fca2b23d0ba | 150 | |
| marcozecchini | 0:9fca2b23d0ba | 151 | return BLE_ERROR_NOT_IMPLEMENTED; |
| marcozecchini | 0:9fca2b23d0ba | 152 | } |
| marcozecchini | 0:9fca2b23d0ba | 153 | |
| marcozecchini | 0:9fca2b23d0ba | 154 | /** |
| marcozecchini | 0:9fca2b23d0ba | 155 | * Delete all peer device context and all related bonding information from |
| marcozecchini | 0:9fca2b23d0ba | 156 | * the database within the security manager. |
| marcozecchini | 0:9fca2b23d0ba | 157 | * |
| marcozecchini | 0:9fca2b23d0ba | 158 | * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure. |
| marcozecchini | 0:9fca2b23d0ba | 159 | * @retval BLE_ERROR_INVALID_STATE If the API is called without module initialization or |
| marcozecchini | 0:9fca2b23d0ba | 160 | * application registration. |
| marcozecchini | 0:9fca2b23d0ba | 161 | */ |
| marcozecchini | 0:9fca2b23d0ba | 162 | virtual ble_error_t purgeAllBondingState(void) { |
| marcozecchini | 0:9fca2b23d0ba | 163 | return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ |
| marcozecchini | 0:9fca2b23d0ba | 164 | } |
| marcozecchini | 0:9fca2b23d0ba | 165 | |
| marcozecchini | 0:9fca2b23d0ba | 166 | /** |
| marcozecchini | 0:9fca2b23d0ba | 167 | * Get a list of addresses from all peers in the bond table. |
| marcozecchini | 0:9fca2b23d0ba | 168 | * |
| marcozecchini | 0:9fca2b23d0ba | 169 | * @param[in,out] addresses |
| marcozecchini | 0:9fca2b23d0ba | 170 | * (on input) addresses.capacity contains the maximum |
| marcozecchini | 0:9fca2b23d0ba | 171 | * number of addresses to be returned. |
| marcozecchini | 0:9fca2b23d0ba | 172 | * (on output) The populated table with copies of the |
| marcozecchini | 0:9fca2b23d0ba | 173 | * addresses in the implementation's whitelist. |
| marcozecchini | 0:9fca2b23d0ba | 174 | * |
| marcozecchini | 0:9fca2b23d0ba | 175 | * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure. |
| marcozecchini | 0:9fca2b23d0ba | 176 | * @retval BLE_ERROR_INVALID_STATE If the API is called without module initialization or |
| marcozecchini | 0:9fca2b23d0ba | 177 | * application registration. |
| marcozecchini | 0:9fca2b23d0ba | 178 | * |
| marcozecchini | 0:9fca2b23d0ba | 179 | * @experimental |
| marcozecchini | 0:9fca2b23d0ba | 180 | */ |
| marcozecchini | 0:9fca2b23d0ba | 181 | virtual ble_error_t getAddressesFromBondTable(Gap::Whitelist_t &addresses) const { |
| marcozecchini | 0:9fca2b23d0ba | 182 | /* Avoid compiler warnings about unused variables */ |
| marcozecchini | 0:9fca2b23d0ba | 183 | (void) addresses; |
| marcozecchini | 0:9fca2b23d0ba | 184 | |
| marcozecchini | 0:9fca2b23d0ba | 185 | return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ |
| marcozecchini | 0:9fca2b23d0ba | 186 | } |
| marcozecchini | 0:9fca2b23d0ba | 187 | |
| marcozecchini | 0:9fca2b23d0ba | 188 | /* Event callback handlers. */ |
| marcozecchini | 0:9fca2b23d0ba | 189 | public: |
| marcozecchini | 0:9fca2b23d0ba | 190 | /** |
| marcozecchini | 0:9fca2b23d0ba | 191 | * Setup a callback to be invoked to notify the user application that the |
| marcozecchini | 0:9fca2b23d0ba | 192 | * SecurityManager instance is about to shutdown (possibly as a result of a call |
| marcozecchini | 0:9fca2b23d0ba | 193 | * to BLE::shutdown()). |
| marcozecchini | 0:9fca2b23d0ba | 194 | * |
| marcozecchini | 0:9fca2b23d0ba | 195 | * @note It is possible to chain together multiple onShutdown callbacks |
| marcozecchini | 0:9fca2b23d0ba | 196 | * (potentially from different modules of an application) to be notified |
| marcozecchini | 0:9fca2b23d0ba | 197 | * before the SecurityManager is shutdown. |
| marcozecchini | 0:9fca2b23d0ba | 198 | * |
| marcozecchini | 0:9fca2b23d0ba | 199 | * @note It is also possible to set up a callback into a member function of |
| marcozecchini | 0:9fca2b23d0ba | 200 | * some object. |
| marcozecchini | 0:9fca2b23d0ba | 201 | * |
| marcozecchini | 0:9fca2b23d0ba | 202 | * @note It is possible to unregister a callback using onShutdown().detach(callback) |
| marcozecchini | 0:9fca2b23d0ba | 203 | */ |
| marcozecchini | 0:9fca2b23d0ba | 204 | void onShutdown(const SecurityManagerShutdownCallback_t& callback) { |
| marcozecchini | 0:9fca2b23d0ba | 205 | shutdownCallChain.add(callback); |
| marcozecchini | 0:9fca2b23d0ba | 206 | } |
| marcozecchini | 0:9fca2b23d0ba | 207 | template <typename T> |
| marcozecchini | 0:9fca2b23d0ba | 208 | void onShutdown(T *objPtr, void (T::*memberPtr)(const SecurityManager *)) { |
| marcozecchini | 0:9fca2b23d0ba | 209 | shutdownCallChain.add(objPtr, memberPtr); |
| marcozecchini | 0:9fca2b23d0ba | 210 | } |
| marcozecchini | 0:9fca2b23d0ba | 211 | |
| marcozecchini | 0:9fca2b23d0ba | 212 | /** |
| marcozecchini | 0:9fca2b23d0ba | 213 | * @brief provide access to the callchain of shutdown event callbacks |
| marcozecchini | 0:9fca2b23d0ba | 214 | * It is possible to register callbacks using onShutdown().add(callback); |
| marcozecchini | 0:9fca2b23d0ba | 215 | * It is possible to unregister callbacks using onShutdown().detach(callback) |
| marcozecchini | 0:9fca2b23d0ba | 216 | * @return The shutdown event callbacks chain |
| marcozecchini | 0:9fca2b23d0ba | 217 | */ |
| marcozecchini | 0:9fca2b23d0ba | 218 | SecurityManagerShutdownCallbackChain_t& onShutdown() { |
| marcozecchini | 0:9fca2b23d0ba | 219 | return shutdownCallChain; |
| marcozecchini | 0:9fca2b23d0ba | 220 | } |
| marcozecchini | 0:9fca2b23d0ba | 221 | |
| marcozecchini | 0:9fca2b23d0ba | 222 | /** |
| marcozecchini | 0:9fca2b23d0ba | 223 | * To indicate that a security procedure for the link has started. |
| marcozecchini | 0:9fca2b23d0ba | 224 | */ |
| marcozecchini | 0:9fca2b23d0ba | 225 | virtual void onSecuritySetupInitiated(SecuritySetupInitiatedCallback_t callback) {securitySetupInitiatedCallback = callback;} |
| marcozecchini | 0:9fca2b23d0ba | 226 | |
| marcozecchini | 0:9fca2b23d0ba | 227 | /** |
| marcozecchini | 0:9fca2b23d0ba | 228 | * To indicate that the security procedure for the link has completed. |
| marcozecchini | 0:9fca2b23d0ba | 229 | */ |
| marcozecchini | 0:9fca2b23d0ba | 230 | virtual void onSecuritySetupCompleted(SecuritySetupCompletedCallback_t callback) {securitySetupCompletedCallback = callback;} |
| marcozecchini | 0:9fca2b23d0ba | 231 | |
| marcozecchini | 0:9fca2b23d0ba | 232 | /** |
| marcozecchini | 0:9fca2b23d0ba | 233 | * To indicate that the link with the peer is secured. For bonded devices, |
| marcozecchini | 0:9fca2b23d0ba | 234 | * subsequent reconnections with a bonded peer will result only in this callback |
| marcozecchini | 0:9fca2b23d0ba | 235 | * when the link is secured; setup procedures will not occur (unless the |
| marcozecchini | 0:9fca2b23d0ba | 236 | * bonding information is either lost or deleted on either or both sides). |
| marcozecchini | 0:9fca2b23d0ba | 237 | */ |
| marcozecchini | 0:9fca2b23d0ba | 238 | virtual void onLinkSecured(LinkSecuredCallback_t callback) {linkSecuredCallback = callback;} |
| marcozecchini | 0:9fca2b23d0ba | 239 | |
| marcozecchini | 0:9fca2b23d0ba | 240 | /** |
| marcozecchini | 0:9fca2b23d0ba | 241 | * To indicate that device context is stored persistently. |
| marcozecchini | 0:9fca2b23d0ba | 242 | */ |
| marcozecchini | 0:9fca2b23d0ba | 243 | virtual void onSecurityContextStored(HandleSpecificEvent_t callback) {securityContextStoredCallback = callback;} |
| marcozecchini | 0:9fca2b23d0ba | 244 | |
| marcozecchini | 0:9fca2b23d0ba | 245 | /** |
| marcozecchini | 0:9fca2b23d0ba | 246 | * To set the callback for when the passkey needs to be displayed on a peripheral with DISPLAY capability. |
| marcozecchini | 0:9fca2b23d0ba | 247 | */ |
| marcozecchini | 0:9fca2b23d0ba | 248 | virtual void onPasskeyDisplay(PasskeyDisplayCallback_t callback) {passkeyDisplayCallback = callback;} |
| marcozecchini | 0:9fca2b23d0ba | 249 | |
| marcozecchini | 0:9fca2b23d0ba | 250 | /* Entry points for the underlying stack to report events back to the user. */ |
| marcozecchini | 0:9fca2b23d0ba | 251 | public: |
| marcozecchini | 0:9fca2b23d0ba | 252 | void processSecuritySetupInitiatedEvent(Gap::Handle_t handle, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps) { |
| marcozecchini | 0:9fca2b23d0ba | 253 | if (securitySetupInitiatedCallback) { |
| marcozecchini | 0:9fca2b23d0ba | 254 | securitySetupInitiatedCallback(handle, allowBonding, requireMITM, iocaps); |
| marcozecchini | 0:9fca2b23d0ba | 255 | } |
| marcozecchini | 0:9fca2b23d0ba | 256 | } |
| marcozecchini | 0:9fca2b23d0ba | 257 | |
| marcozecchini | 0:9fca2b23d0ba | 258 | void processSecuritySetupCompletedEvent(Gap::Handle_t handle, SecurityCompletionStatus_t status) { |
| marcozecchini | 0:9fca2b23d0ba | 259 | if (securitySetupCompletedCallback) { |
| marcozecchini | 0:9fca2b23d0ba | 260 | securitySetupCompletedCallback(handle, status); |
| marcozecchini | 0:9fca2b23d0ba | 261 | } |
| marcozecchini | 0:9fca2b23d0ba | 262 | } |
| marcozecchini | 0:9fca2b23d0ba | 263 | |
| marcozecchini | 0:9fca2b23d0ba | 264 | void processLinkSecuredEvent(Gap::Handle_t handle, SecurityMode_t securityMode) { |
| marcozecchini | 0:9fca2b23d0ba | 265 | if (linkSecuredCallback) { |
| marcozecchini | 0:9fca2b23d0ba | 266 | linkSecuredCallback(handle, securityMode); |
| marcozecchini | 0:9fca2b23d0ba | 267 | } |
| marcozecchini | 0:9fca2b23d0ba | 268 | } |
| marcozecchini | 0:9fca2b23d0ba | 269 | |
| marcozecchini | 0:9fca2b23d0ba | 270 | void processSecurityContextStoredEvent(Gap::Handle_t handle) { |
| marcozecchini | 0:9fca2b23d0ba | 271 | if (securityContextStoredCallback) { |
| marcozecchini | 0:9fca2b23d0ba | 272 | securityContextStoredCallback(handle); |
| marcozecchini | 0:9fca2b23d0ba | 273 | } |
| marcozecchini | 0:9fca2b23d0ba | 274 | } |
| marcozecchini | 0:9fca2b23d0ba | 275 | |
| marcozecchini | 0:9fca2b23d0ba | 276 | void processPasskeyDisplayEvent(Gap::Handle_t handle, const Passkey_t passkey) { |
| marcozecchini | 0:9fca2b23d0ba | 277 | if (passkeyDisplayCallback) { |
| marcozecchini | 0:9fca2b23d0ba | 278 | passkeyDisplayCallback(handle, passkey); |
| marcozecchini | 0:9fca2b23d0ba | 279 | } |
| marcozecchini | 0:9fca2b23d0ba | 280 | } |
| marcozecchini | 0:9fca2b23d0ba | 281 | |
| marcozecchini | 0:9fca2b23d0ba | 282 | protected: |
| marcozecchini | 0:9fca2b23d0ba | 283 | SecurityManager() : |
| marcozecchini | 0:9fca2b23d0ba | 284 | securitySetupInitiatedCallback(), |
| marcozecchini | 0:9fca2b23d0ba | 285 | securitySetupCompletedCallback(), |
| marcozecchini | 0:9fca2b23d0ba | 286 | linkSecuredCallback(), |
| marcozecchini | 0:9fca2b23d0ba | 287 | securityContextStoredCallback(), |
| marcozecchini | 0:9fca2b23d0ba | 288 | passkeyDisplayCallback() { |
| marcozecchini | 0:9fca2b23d0ba | 289 | /* empty */ |
| marcozecchini | 0:9fca2b23d0ba | 290 | } |
| marcozecchini | 0:9fca2b23d0ba | 291 | |
| marcozecchini | 0:9fca2b23d0ba | 292 | public: |
| marcozecchini | 0:9fca2b23d0ba | 293 | /** |
| marcozecchini | 0:9fca2b23d0ba | 294 | * Notify all registered onShutdown callbacks that the SecurityManager is |
| marcozecchini | 0:9fca2b23d0ba | 295 | * about to be shutdown and clear all SecurityManager state of the |
| marcozecchini | 0:9fca2b23d0ba | 296 | * associated object. |
| marcozecchini | 0:9fca2b23d0ba | 297 | * |
| marcozecchini | 0:9fca2b23d0ba | 298 | * This function is meant to be overridden in the platform-specific |
| marcozecchini | 0:9fca2b23d0ba | 299 | * sub-class. Nevertheless, the sub-class is only expected to reset its |
| marcozecchini | 0:9fca2b23d0ba | 300 | * state and not the data held in SecurityManager members. This shall be |
| marcozecchini | 0:9fca2b23d0ba | 301 | * achieved by a call to SecurityManager::reset() from the sub-class' |
| marcozecchini | 0:9fca2b23d0ba | 302 | * reset() implementation. |
| marcozecchini | 0:9fca2b23d0ba | 303 | * |
| marcozecchini | 0:9fca2b23d0ba | 304 | * @return BLE_ERROR_NONE on success. |
| marcozecchini | 0:9fca2b23d0ba | 305 | */ |
| marcozecchini | 0:9fca2b23d0ba | 306 | virtual ble_error_t reset(void) { |
| marcozecchini | 0:9fca2b23d0ba | 307 | /* Notify that the instance is about to shutdown */ |
| marcozecchini | 0:9fca2b23d0ba | 308 | shutdownCallChain.call(this); |
| marcozecchini | 0:9fca2b23d0ba | 309 | shutdownCallChain.clear(); |
| marcozecchini | 0:9fca2b23d0ba | 310 | |
| marcozecchini | 0:9fca2b23d0ba | 311 | securitySetupInitiatedCallback = NULL; |
| marcozecchini | 0:9fca2b23d0ba | 312 | securitySetupCompletedCallback = NULL; |
| marcozecchini | 0:9fca2b23d0ba | 313 | linkSecuredCallback = NULL; |
| marcozecchini | 0:9fca2b23d0ba | 314 | securityContextStoredCallback = NULL; |
| marcozecchini | 0:9fca2b23d0ba | 315 | passkeyDisplayCallback = NULL; |
| marcozecchini | 0:9fca2b23d0ba | 316 | |
| marcozecchini | 0:9fca2b23d0ba | 317 | return BLE_ERROR_NONE; |
| marcozecchini | 0:9fca2b23d0ba | 318 | } |
| marcozecchini | 0:9fca2b23d0ba | 319 | |
| marcozecchini | 0:9fca2b23d0ba | 320 | protected: |
| marcozecchini | 0:9fca2b23d0ba | 321 | SecuritySetupInitiatedCallback_t securitySetupInitiatedCallback; |
| marcozecchini | 0:9fca2b23d0ba | 322 | SecuritySetupCompletedCallback_t securitySetupCompletedCallback; |
| marcozecchini | 0:9fca2b23d0ba | 323 | LinkSecuredCallback_t linkSecuredCallback; |
| marcozecchini | 0:9fca2b23d0ba | 324 | HandleSpecificEvent_t securityContextStoredCallback; |
| marcozecchini | 0:9fca2b23d0ba | 325 | PasskeyDisplayCallback_t passkeyDisplayCallback; |
| marcozecchini | 0:9fca2b23d0ba | 326 | |
| marcozecchini | 0:9fca2b23d0ba | 327 | private: |
| marcozecchini | 0:9fca2b23d0ba | 328 | SecurityManagerShutdownCallbackChain_t shutdownCallChain; |
| marcozecchini | 0:9fca2b23d0ba | 329 | }; |
| marcozecchini | 0:9fca2b23d0ba | 330 | |
| marcozecchini | 0:9fca2b23d0ba | 331 | #endif /*__SECURITY_MANAGER_H__*/ |