/* mbed Microcontroller Library * Copyright (c) 2006-2020 ARM Limited * * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef IMPL_PAL_SECURITY_MANAGER_ #define IMPL_PAL_SECURITY_MANAGER_ #include "source/pal/PalSecurityManager.h" #include "ble/common/blecommon.h" #include "wsf_types.h" #include "wsf_os.h" #include "sec_api.h" #include "smp_defs.h" #include "cfg_stack.h" namespace ble { namespace impl { class BLEInstanceBase; class PalSecurityManager final : public ble::PalSecurityManager { friend BLEInstanceBase; public: PalSecurityManager(); ~PalSecurityManager(); //////////////////////////////////////////////////////////////////////////// // SM lifecycle management // /** * @see ::ble::PalSecurityManager::initialize */ ble_error_t initialize() final; /** * @see ::ble::PalSecurityManager::terminate */ ble_error_t terminate() final; /** * @see ::ble::PalSecurityManager::reset */ ble_error_t reset() final; //////////////////////////////////////////////////////////////////////////// // Resolving list management // /** * @see ::ble::PalSecurityManager::read_resolving_list_capacity */ uint8_t read_resolving_list_capacity() final; /** * @see ::ble::PalSecurityManager::add_device_to_resolving_list */ ble_error_t add_device_to_resolving_list( advertising_peer_address_type_t peer_identity_address_type, const address_t &peer_identity_address, const irk_t &peer_irk ) final; /** * @see ::ble::PalSecurityManager::remove_device_from_resolving_list */ ble_error_t remove_device_from_resolving_list( advertising_peer_address_type_t peer_identity_address_type, const address_t &peer_identity_address ) final; /** * @see ::ble::PalSecurityManager::clear_resolving_list */ ble_error_t clear_resolving_list() final; //////////////////////////////////////////////////////////////////////////// // Pairing // /** * @see ::ble::PalSecurityManager::send_pairing_request */ ble_error_t send_pairing_request( connection_handle_t connection, bool oob_data_flag, AuthenticationMask authentication_requirements, KeyDistribution initiator_dist, KeyDistribution responder_dist ) final; /** * @see ::ble::PalSecurityManager::send_pairing_response */ ble_error_t send_pairing_response( connection_handle_t connection, bool oob_data_flag, AuthenticationMask authentication_requirements, KeyDistribution initiator_dist, KeyDistribution responder_dist ) final; /** * @see ::ble::PalSecurityManager::cancel_pairing */ ble_error_t cancel_pairing( connection_handle_t connection, pairing_failure_t reason ) final; //////////////////////////////////////////////////////////////////////////// // Feature support // /** * @see ::ble::PalSecurityManager::get_secure_connections_support */ ble_error_t get_secure_connections_support( bool &enabled ) final; /** * @see ::ble::PalSecurityManager::set_io_capability */ ble_error_t set_io_capability(io_capability_t io_capability) final; //////////////////////////////////////////////////////////////////////////// // Security settings // /** * @see ::ble::PalSecurityManager::set_authentication_timeout */ ble_error_t set_authentication_timeout( connection_handle_t, uint16_t timeout_in_10ms ) final; /** * @see ::ble::PalSecurityManager::get_authentication_timeout */ ble_error_t get_authentication_timeout( connection_handle_t, uint16_t &timeout_in_10ms ) final; /** * @see ::ble::PalSecurityManager::set_encryption_key_requirements */ ble_error_t set_encryption_key_requirements( uint8_t min_encryption_key_size, uint8_t max_encryption_key_size ) final; /** * @see ::ble::PalSecurityManager::slave_security_request */ ble_error_t slave_security_request( connection_handle_t connection, AuthenticationMask authentication ) final; //////////////////////////////////////////////////////////////////////////// // Encryption // /** * @see ::ble::PalSecurityManager::enable_encryption */ ble_error_t enable_encryption( connection_handle_t connection, const ltk_t <k, const rand_t &rand, const ediv_t &ediv, bool mitm ) final; /** * @see ::ble::PalSecurityManager::enable_encryption */ ble_error_t enable_encryption( connection_handle_t connection, const ltk_t <k, bool mitm ) final; /** * @see ::ble::PalSecurityManager::encrypt_data */ ble_error_t encrypt_data( const byte_array_t<16> &key, encryption_block_t &data ) final; //////////////////////////////////////////////////////////////////////////// // Privacy // /** * @see ::ble::PalSecurityManager::set_private_address_timeout */ ble_error_t set_private_address_timeout(uint16_t timeout_in_seconds) final; /** * @see ::ble::PalSecurityManager::get_identity_address */ ble_error_t get_identity_address(address_t &address, bool &public_address) final; //////////////////////////////////////////////////////////////////////////// // Keys // /** * @see ::ble::PalSecurityManager::set_ltk */ ble_error_t set_ltk( connection_handle_t connection, const ltk_t <k, bool mitm, bool secure_connections ) final; /** * @see ::ble::PalSecurityManager::set_ltk_not_found */ ble_error_t set_ltk_not_found( connection_handle_t connection ) final; /** * @see ::ble::PalSecurityManager::set_irk */ ble_error_t set_irk(const irk_t &irk) final; /** * @see ::ble::PalSecurityManager::set_csrk */ ble_error_t set_csrk( const csrk_t &csrk, sign_count_t sign_counter ) final; /** * @see ::ble::PalSecurityManager::set_peer_csrk */ ble_error_t set_peer_csrk( connection_handle_t connection, const csrk_t &csrk, bool authenticated, sign_count_t sign_counter ) final; ble_error_t remove_peer_csrk(connection_handle_t connection) final; //////////////////////////////////////////////////////////////////////////// // Authentication // /** * @see ::ble::PalSecurityManager::get_random_data */ ble_error_t get_random_data(byte_array_t<8> &random_data) final; //////////////////////////////////////////////////////////////////////////// // MITM // /** * @see ::ble::PalSecurityManager::set_display_passkey */ ble_error_t set_display_passkey(passkey_num_t passkey) final; /** * @see ::ble::PalSecurityManager::passkey_request_reply */ ble_error_t passkey_request_reply( connection_handle_t connection, passkey_num_t passkey ) final; /** * @see ::ble::PalSecurityManager::secure_connections_oob_request_reply */ ble_error_t secure_connections_oob_request_reply( connection_handle_t connection, const oob_lesc_value_t &local_random, const oob_lesc_value_t &peer_random, const oob_confirm_t &peer_confirm ) final; /** * @see ::ble::PalSecurityManager::legacy_pairing_oob_request_reply */ ble_error_t legacy_pairing_oob_request_reply( connection_handle_t connection, const oob_tk_t &oob_data ) final; /** * @see ::ble::PalSecurityManager::confirmation_entered */ ble_error_t confirmation_entered( connection_handle_t connection, bool confirmation ) final; /** * @see ::ble::PalSecurityManager::send_keypress_notification */ ble_error_t send_keypress_notification( connection_handle_t connection, ble::Keypress_t keypress ) final; /** * @see ::ble::PalSecurityManager::generate_secure_connections_oob */ ble_error_t generate_secure_connections_oob() final; /** * @see ::ble::PalSecurityManager::set_event_handler */ void set_event_handler(PalSecurityManagerEventHandler *event_handler) final; /** * @see ::ble::PalSecurityManager::get_event_handler */ PalSecurityManagerEventHandler *get_event_handler() final; public: /* used by the PAL to get the singleton */ static PalSecurityManager &get_security_manager(); /* used by PAL to handle security messages coming from the stack Event handler */ static bool sm_handler(const wsfMsgHdr_t *msg); private: struct PrivacyControlBlock; struct PrivacyClearResListControlBlock; struct PrivacyAddDevToResListControlBlock; struct PrivacyRemoveDevFromResListControlBlock; // Queue control block to add device to resolving list void queue_add_device_to_resolving_list( advertising_peer_address_type_t peer_identity_address_type, const address_t &peer_identity_address, const irk_t &peer_irk ); // Queue control block to remove device from resolving list void queue_remove_device_from_resolving_list( advertising_peer_address_type_t peer_identity_address_type, const address_t &peer_identity_address ); // Queue control block to clear resolving list void queue_clear_resolving_list(); // Clear all control blocks void clear_privacy_control_blocks(); // Queue a control block void queue_privacy_control_block(PrivacyControlBlock *block); // Try to dequeue and process the next control block // cb_completed is set when the previous block has completed void process_privacy_control_blocks(bool cb_completed); void cleanup_peer_csrks(); PalSecurityManagerEventHandler *_pal_event_handler; bool _use_default_passkey; passkey_num_t _default_passkey; bool _lesc_keys_generated; uint8_t _public_key_x[SEC_ECC_KEY_LEN]; PrivacyControlBlock *_pending_privacy_control_blocks; bool _processing_privacy_control_block; irk_t _irk; csrk_t _csrk; csrk_t *_peer_csrks[DM_CONN_MAX]; }; } // namespace impl } // namespace ble #endif /* IMPL_PAL_SECURITY_MANAGER_ */