Updated
Fork of BLE_API by
ble/SecurityManager.h
- Committer:
- rgrover1
- Date:
- 2015-06-19
- Revision:
- 710:b2e1a2660ec2
- Parent:
- public/SecurityManager.h@ 560:ce6e36951457
File content as of revision 710:b2e1a2660ec2:
/* mbed Microcontroller Library * Copyright (c) 2006-2015 ARM Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef __SECURITY_MANAGER_H__ #define __SECURITY_MANAGER_H__ #include <stdint.h> #include "Gap.h" class SecurityManager { public: enum SecurityMode_t { SECURITY_MODE_NO_ACCESS, SECURITY_MODE_ENCRYPTION_OPEN_LINK, /**< require no protection, open link. */ SECURITY_MODE_ENCRYPTION_NO_MITM, /**< require encryption, but no MITM protection. */ SECURITY_MODE_ENCRYPTION_WITH_MITM, /**< require encryption and MITM protection. */ SECURITY_MODE_SIGNED_NO_MITM, /**< require signing or encryption, but no MITM protection. */ SECURITY_MODE_SIGNED_WITH_MITM, /**< require signing or encryption, and MITM protection. */ }; /** * @brief Defines possible security status/states. * * @details Defines possible security status/states of a link when requested by getLinkSecurity(). */ enum LinkSecurityStatus_t { NOT_ENCRYPTED, /**< The link is not secured. */ ENCRYPTION_IN_PROGRESS, /**< Link security is being established.*/ ENCRYPTED /**< The link is secure.*/ }; enum SecurityIOCapabilities_t { IO_CAPS_DISPLAY_ONLY = 0x00, /**< Display Only. */ IO_CAPS_DISPLAY_YESNO = 0x01, /**< Display and Yes/No entry. */ IO_CAPS_KEYBOARD_ONLY = 0x02, /**< Keyboard Only. */ IO_CAPS_NONE = 0x03, /**< No I/O capabilities. */ IO_CAPS_KEYBOARD_DISPLAY = 0x04, /**< Keyboard and Display. */ }; enum SecurityCompletionStatus_t { SEC_STATUS_SUCCESS = 0x00, /**< Procedure completed with success. */ SEC_STATUS_TIMEOUT = 0x01, /**< Procedure timed out. */ SEC_STATUS_PDU_INVALID = 0x02, /**< Invalid PDU received. */ SEC_STATUS_PASSKEY_ENTRY_FAILED = 0x81, /**< Passkey entry failed (user canceled or other). */ SEC_STATUS_OOB_NOT_AVAILABLE = 0x82, /**< Out of Band Key not available. */ SEC_STATUS_AUTH_REQ = 0x83, /**< Authentication requirements not met. */ SEC_STATUS_CONFIRM_VALUE = 0x84, /**< Confirm value failed. */ SEC_STATUS_PAIRING_NOT_SUPP = 0x85, /**< Pairing not supported. */ SEC_STATUS_ENC_KEY_SIZE = 0x86, /**< Encryption key size. */ SEC_STATUS_SMP_CMD_UNSUPPORTED = 0x87, /**< Unsupported SMP command. */ SEC_STATUS_UNSPECIFIED = 0x88, /**< Unspecified reason. */ SEC_STATUS_REPEATED_ATTEMPTS = 0x89, /**< Too little time elapsed since last attempt. */ SEC_STATUS_INVALID_PARAMS = 0x8A, /**< Invalid parameters. */ }; /** * Declaration of type containing a passkey to be used during pairing. This * is passed into initializeSecurity() to specify a pre-programmed passkey * for authentication instead of generating a random one. */ static const unsigned PASSKEY_LEN = 6; typedef uint8_t Passkey_t[PASSKEY_LEN]; /**< 6-digit passkey in ASCII ('0'-'9' digits only). */ public: typedef void (*HandleSpecificEvent_t)(Gap::Handle_t handle); typedef void (*SecuritySetupInitiatedCallback_t)(Gap::Handle_t, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps); typedef void (*SecuritySetupCompletedCallback_t)(Gap::Handle_t, SecurityCompletionStatus_t status); typedef void (*LinkSecuredCallback_t)(Gap::Handle_t handle, SecurityMode_t securityMode); typedef void (*PasskeyDisplayCallback_t)(Gap::Handle_t handle, const Passkey_t passkey); /* * The following functions are meant to be overridden in the platform-specific sub-class. */ public: /** * Enable the BLE stack's Security Manager. The Security Manager implements * the actual cryptographic algorithms and protocol exchanges that allow two * devices to securely exchange data and privately detect each other. * Calling this API is a prerequisite for encryption and pairing (bonding). * * @param[in] enableBonding Allow for bonding. * @param[in] requireMITM Require protection for man-in-the-middle attacks. * @param[in] iocaps To specify IO capabilities of this peripheral, * such as availability of a display or keyboard to * support out-of-band exchanges of security data. * @param[in] passkey To specify a static passkey. * * @return BLE_ERROR_NONE on success. */ virtual ble_error_t init(bool enableBonding = true, bool requireMITM = true, SecurityIOCapabilities_t iocaps = IO_CAPS_NONE, const Passkey_t passkey = NULL) { return BLE_ERROR_NOT_IMPLEMENTED; /* default implementation; override this if security is supported. */ } /** * Get the security status of a connection. * * @param[in] connectionHandle Handle to identify the connection. * @param[out] securityStatusP security status. * * @return BLE_SUCCESS Or appropriate error code indicating reason for failure. */ virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) { return BLE_ERROR_NOT_IMPLEMENTED; /* default implementation; override this if security is supported. */ } /** * Delete all peer device context and all related bonding information from * the database within the security manager. * * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure. * @retval BLE_ERROR_INVALID_STATE If the API is called without module initialization and/or * application registration. */ virtual ble_error_t purgeAllBondingState(void) { return BLE_ERROR_NOT_IMPLEMENTED; /* default implementation; override this if security is supported. */ } /* Event callback handlers. */ public: /** * To indicate that security procedure for link has started. */ virtual void onSecuritySetupInitiated(SecuritySetupInitiatedCallback_t callback) {securitySetupInitiatedCallback = callback;} /** * To indicate that security procedure for link has completed. */ virtual void onSecuritySetupCompleted(SecuritySetupCompletedCallback_t callback) {securitySetupCompletedCallback = callback;} /** * To indicate that link with the peer is secured. For bonded devices, * subsequent re-connections with bonded peer will result only in this callback * when the link is secured and setup procedures will not occur unless the * bonding information is either lost or deleted on either or both sides. */ virtual void onLinkSecured(LinkSecuredCallback_t callback) {linkSecuredCallback = callback;} /** * To indicate that device context is stored persistently. */ virtual void onSecurityContextStored(HandleSpecificEvent_t callback) {securityContextStoredCallback = callback;} /** * To set the callback for when the passkey needs to be displayed on a peripheral with DISPLAY capability. */ virtual void onPasskeyDisplay(PasskeyDisplayCallback_t callback) {passkeyDisplayCallback = callback;} /* Entry points for the underlying stack to report events back to the user. */ public: void processSecuritySetupInitiatedEvent(Gap::Handle_t handle, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps) { if (securitySetupInitiatedCallback) { securitySetupInitiatedCallback(handle, allowBonding, requireMITM, iocaps); } } void processSecuritySetupCompletedEvent(Gap::Handle_t handle, SecurityCompletionStatus_t status) { if (securitySetupCompletedCallback) { securitySetupCompletedCallback(handle, status); } } void processLinkSecuredEvent(Gap::Handle_t handle, SecurityMode_t securityMode) { if (linkSecuredCallback) { linkSecuredCallback(handle, securityMode); } } void processSecurityContextStoredEvent(Gap::Handle_t handle) { if (securityContextStoredCallback) { securityContextStoredCallback(handle); } } void processPasskeyDisplayEvent(Gap::Handle_t handle, const Passkey_t passkey) { if (passkeyDisplayCallback) { passkeyDisplayCallback(handle, passkey); } } protected: SecurityManager() : securitySetupInitiatedCallback(), securitySetupCompletedCallback(), linkSecuredCallback(), securityContextStoredCallback(), passkeyDisplayCallback() { /* empty */ } protected: SecuritySetupInitiatedCallback_t securitySetupInitiatedCallback; SecuritySetupCompletedCallback_t securitySetupCompletedCallback; LinkSecuredCallback_t linkSecuredCallback; HandleSpecificEvent_t securityContextStoredCallback; PasskeyDisplayCallback_t passkeyDisplayCallback; }; #endif /*__SECURITY_MANAGER_H__*/