From aede2a5680861f8bac59673ce17a710afabca884 Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Tue, 16 Jan 2018 11:23:33 +0000 Subject: [PATCH 1/5] Move ::SecurityManagerEventHandler and ::LegacySecurityManagerEventHandler into ::SecurityManager . Fixes access right and compilation error. --- features/FEATURE_BLE/ble/SecurityManager.h | 204 +++++++++++---------- 1 file changed, 103 insertions(+), 101 deletions(-) diff --git a/features/FEATURE_BLE/ble/SecurityManager.h b/features/FEATURE_BLE/ble/SecurityManager.h index bcfa7103137..2d6e1c7b708 100644 --- a/features/FEATURE_BLE/ble/SecurityManager.h +++ b/features/FEATURE_BLE/ble/SecurityManager.h @@ -106,6 +106,108 @@ class SecurityManager { typedef FunctionPointerWithContext SecurityManagerShutdownCallback_t; typedef CallChainOfFunctionPointersWithContext SecurityManagerShutdownCallbackChain_t; +public: + /* subclass to override handlers */ + class SecurityManagerEventHandler { + public: + SecurityManagerEventHandler() {}; + virtual ~SecurityManagerEventHandler() {}; + + virtual void securitySetupInitiated(connection_handle_t handle, bool allowBonding, bool requireMITM, SecurityManager::SecurityIOCapabilities_t iocaps) { + (void)handle; + (void)allowBonding; + (void)requireMITM; + (void)iocaps; + }; + virtual void securitySetupCompleted(connection_handle_t handle, SecurityManager::SecurityCompletionStatus_t status) { + (void)handle; + (void)status; + }; + virtual void linkSecured(connection_handle_t handle, SecurityManager::SecurityMode_t securityMode) { + (void)handle; + (void)securityMode; + }; + virtual void securityContextStored(connection_handle_t handle) { + (void)handle; + } + virtual void passkeyDisplay(connection_handle_t handle, const SecurityManager::Passkey_t passkey) { + (void)handle; + (void)passkey; + }; + virtual void validMicTimeout(connection_handle_t handle) { + (void)handle; + }; + virtual void linkKeyFailure(connection_handle_t handle) { + (void)handle; + }; + virtual void keypressNotification(connection_handle_t handle, SecurityManager::Keypress_t keypress) { + (void)handle; + (void)keypress; + }; + virtual void legacyPairingOobRequest(connection_handle_t handle) { + (void)handle; + }; + virtual void oobRequest(connection_handle_t handle) { + (void)handle; + }; + virtual void pinRequest(connection_handle_t handle) { + (void)handle; + }; + virtual void passkeyRequest(connection_handle_t handle) { + (void)handle; + }; + virtual void confirmationRequest(connection_handle_t handle) { + (void)handle; + }; + virtual void acceptPairingRequest(connection_handle_t handle) { + (void)handle; + }; + }; + +private: + /* legacy compatibility with old callbacks (from both sides, so combination of new and old works) */ + class LegacySecurityManagerEventHandler : public SecurityManagerEventHandler { + public: + LegacySecurityManagerEventHandler() : + securitySetupInitiatedCallback(), + securitySetupCompletedCallback(), + linkSecuredCallback(), + securityContextStoredCallback(), + passkeyDisplayCallback() { }; + + void securitySetupInitiated(connection_handle_t handle, bool allowBonding, bool requireMITM, SecurityManager::SecurityIOCapabilities_t iocaps) { + if (securitySetupInitiatedCallback) { + securitySetupInitiatedCallback(handle, allowBonding, requireMITM, iocaps); + } + }; + void securitySetupCompleted(connection_handle_t handle, SecurityManager::SecurityCompletionStatus_t status) { + if (securitySetupCompletedCallback) { + securitySetupCompletedCallback(handle, status); + } + }; + void linkSecured(connection_handle_t handle, SecurityManager::SecurityMode_t securityMode) { + if (linkSecuredCallback) { + linkSecuredCallback(handle, securityMode); + } + }; + void securityContextStored(connection_handle_t handle) { + if (securityContextStoredCallback) { + securityContextStoredCallback(handle); + } + } + void passkeyDisplay(connection_handle_t handle, const SecurityManager::Passkey_t passkey) { + if (passkeyDisplayCallback) { + passkeyDisplayCallback(handle, passkey); + } + }; + + SecurityManager::SecuritySetupInitiatedCallback_t securitySetupInitiatedCallback; + SecurityManager::SecuritySetupCompletedCallback_t securitySetupCompletedCallback; + SecurityManager::LinkSecuredCallback_t linkSecuredCallback; + SecurityManager::HandleSpecificEvent_t securityContextStoredCallback; + SecurityManager::PasskeyDisplayCallback_t passkeyDisplayCallback; + }; + /* * The following functions are meant to be overridden in the platform-specific sub-class. */ @@ -161,7 +263,7 @@ class SecurityManager { shutdownCallChain.clear(); if (eventHandler != &defaultEventHandler) { delete eventHandler; - eventHandler = defaultEventHandler; + eventHandler = &defaultEventHandler; } return BLE_ERROR_NONE; @@ -533,104 +635,4 @@ class SecurityManager { LegacySecurityManagerEventHandler defaultEventHandler; }; -/* subclass to override handlers */ -class SecurityManagerEventHandler { -public: - SecurityManagerEventHandler() {}; - virtual ~SecurityManagerEventHandler() {}; - - virtual void securitySetupInitiated(connection_handle_t handle, bool allowBonding, bool requireMITM, SecurityManager::SecurityIOCapabilities_t iocaps) { - (void)handle; - (void)allowBonding; - (void)requireMITM; - (void)iocaps; - }; - virtual void securitySetupCompleted(connection_handle_t handle, SecurityManager::SecurityCompletionStatus_t status) { - (void)handle; - (void)status; - }; - virtual void linkSecured(connection_handle_t handle, SecurityManager::SecurityMode_t securityMode) { - (void)handle; - (void)securityMode; - }; - virtual void securityContextStored(connection_handle_t handle) { - (void)handle; - } - virtual void passkeyDisplay(connection_handle_t handle, const SecurityManager::Passkey_t passkey) { - (void)handle; - (void)passkey; - }; - virtual void validMicTimeout(connection_handle_t handle) { - (void)handle; - }; - virtual void linkKeyFailure(connection_handle_t handle) { - (void)handle; - }; - virtual void keypressNotification(connection_handle_t handle, SecurityManager::Keypress_t keypress) { - (void)handle; - (void)keypress; - }; - virtual void legacyPairingOobRequest(connection_handle_t handle) { - (void)handle; - }; - virtual void oobRequest(connection_handle_t handle) { - (void)handle; - }; - virtual void pinRequest(connection_handle_t handle) { - (void)handle; - }; - virtual void passkeyRequest(connection_handle_t handle) { - (void)handle; - }; - virtual void confirmationRequest(connection_handle_t handle) { - (void)handle; - }; - virtual void acceptPairingRequest(connection_handle_t handle) { - (void)handle; - }; -}; - -/* legacy compatibility with old callbacks (from both sides, so combination of new and old works) */ -class LegacySecurityManagerEventHandler : public SecurityManagerEventHandler { -public: - LegacySecurityManagerEventHandler() : - securitySetupInitiatedCallback(), - securitySetupCompletedCallback(), - linkSecuredCallback(), - securityContextStoredCallback(), - passkeyDisplayCallback() { }; - - void securitySetupInitiated(connection_handle_t handle, bool allowBonding, bool requireMITM, SecurityManager::SecurityIOCapabilities_t iocaps) { - if (securitySetupInitiatedCallback) { - securitySetupInitiatedCallback(handle, allowBonding, requireMITM, iocaps); - } - }; - void securitySetupCompleted(connection_handle_t handle, SecurityManager::SecurityCompletionStatus_t status) { - if (securitySetupCompletedCallback) { - securitySetupCompletedCallback(handle, status); - } - }; - void linkSecured(connection_handle_t handle, SecurityManager::SecurityMode_t securityMode) { - if (linkSecuredCallback) { - linkSecuredCallback(handle, securityMode); - } - }; - void securityContextStored(connection_handle_t handle) { - if (securityContextStoredCallback) { - securityContextStoredCallback(handle); - } - } - void passkeyDisplay(connection_handle_t handle, const SecurityManager::Passkey_t passkey) { - if (passkeyDisplayCallback) { - passkeyDisplayCallback(handle, passkey); - } - }; -private: - SecurityManager::SecuritySetupInitiatedCallback_t securitySetupInitiatedCallback; - SecurityManager::SecuritySetupCompletedCallback_t securitySetupCompletedCallback; - SecurityManager::LinkSecuredCallback_t linkSecuredCallback; - SecurityManager::HandleSpecificEvent_t securityContextStoredCallback; - SecurityManager::PasskeyDisplayCallback_t passkeyDisplayCallback; -}; - #endif /*__SECURITY_MANAGER_H__*/ From 9d08b2ddb36220ee173c0354f7a6653a81f06cc2 Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Tue, 16 Jan 2018 11:29:38 +0000 Subject: [PATCH 2/5] Fixes: * replace invalid using statement by typedef * replace SecurityIOCapabilities_t by io_capability_t in send_pairing_response * fix failure type in cancel_pairing --- features/FEATURE_BLE/ble/pal/PalSecurityManager.h | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h index b2bf3fa7602..608c3ca2b70 100644 --- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h +++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h @@ -75,12 +75,10 @@ struct pairing_failure_t : SafeEnum { pairing_failure_t(type value) : SafeEnum(value) { } }; - -using SecurityManager::IO_CAPS_NONE; -using SecurityManager::SecurityCompletionStatus_t; -using SecurityManager::SecurityMode_t; -using SecurityManager::LinkSecurityStatus_t; -using SecurityManager::Keypress_t; +typedef SecurityManager::SecurityCompletionStatus_t SecurityCompletionStatus_t; +typedef SecurityManager::SecurityMode_t SecurityMode_t; +typedef SecurityManager::LinkSecurityStatus_t LinkSecurityStatus_t; +typedef SecurityManager::Keypress_t Keypress_t; /* please use typedef for porting not the types directly */ @@ -371,7 +369,7 @@ class SecurityManager : private mbed::NonCopyable { */ virtual ble_error_t send_pairing_response( connection_handle_t handle, - SecurityIOCapabilities_t iocaps, + io_capability_t io_capability, bool oob_data_flag, authentication_t authentication_requirements, uint8_t max_key_size, @@ -385,7 +383,7 @@ class SecurityManager : private mbed::NonCopyable { * @see BLUETOOTH SPECIFICATION Version 5.0 | Vol 3, Part H - 3.5.5 */ virtual ble_error_t cancel_pairing( - connection_handle_t handle, pairing_failed_reason_t reason + connection_handle_t handle, pairing_failure_t reason ) = 0; virtual ble_error_t request_authentication(connection_handle_t handle) = 0; From 4df41f3ee8a105113e738802a6e3d6cc50b5e5d8 Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Tue, 16 Jan 2018 12:11:04 +0000 Subject: [PATCH 3/5] Add mention of function that sets a default passkey. --- features/FEATURE_BLE/ble/pal/PalSecurityManager.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h index 608c3ca2b70..8ea7f51b1ed 100644 --- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h +++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h @@ -82,7 +82,7 @@ typedef SecurityManager::Keypress_t Keypress_t; /* please use typedef for porting not the types directly */ -typedef uint8_t passkey_t[6]; +typedef uint8_t passkey_t[3]; typedef uint8_t oob_data_t[16]; typedef uint8_t irk_t[16]; @@ -215,6 +215,10 @@ class SecurityManagerEventHandler { /** * Adaptation layer of the Security Manager. + * + * + * FIXME: ADD API in the pal to set default passkey! + * */ class SecurityManager : private mbed::NonCopyable { public: From 323bae44e111c724c9c942072424301d5aa46e57 Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Tue, 16 Jan 2018 12:12:30 +0000 Subject: [PATCH 4/5] Fixe compilation errors --- .../source/generic/GenericSecurityManager.cpp | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp index ba97c67d108..54ad13ce49a 100644 --- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp +++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp @@ -34,7 +34,7 @@ using ble::pal::csrk_t; using ble::pal::ltk_t; using ble::pal::ediv_t; using ble::pal::rand_t; -using SecurityManager::SecurityIOCapabilities_t; +typedef SecurityManager::SecurityIOCapabilities_t SecurityIOCapabilities_t; static const uint8_t NUMBER_OFFSET = '0'; @@ -120,7 +120,7 @@ class GenericSecurityManager : public SecurityManager, bondable = initBondable; mitm = initMITM; iocaps = initIocaps; - passkey = initPasskey; + memcpy(passkey, initPasskey, sizeof(Passkey_t)); return BLE_ERROR_NONE; } @@ -179,17 +179,15 @@ class GenericSecurityManager : public SecurityManager, // Security settings // - ble_error_t setPinCode(uint8_t pinLength, uint8_t *pinCode, - bool isStatic = false) { - return pal.set_pin_code(pinLength, pinCode, isStatic); - } - ble_error_t setPasskey(const Passkey_t passkeyASCI, bool isStatic = false) { + // FIXME: ADD API in the pal to set default passkey! +#if 0 uint32_t passkey = 0; for (int i = 0, m = 1; i < 6; ++i, m *= 10) { passkey += (passkeyASCI[i] - NUMBER_OFFSET) * m; } - return pal.set_passkey(passkey); +#endif + return BLE_ERROR_NOT_IMPLEMENTED; } ble_error_t setAuthenticationTimeout(connection_handle_t handle, @@ -201,7 +199,7 @@ class GenericSecurityManager : public SecurityManager, uint32_t *timeout_in_ms) { uint16_t timeout_in_10ms; ble_error_t status = pal.get_authentication_timeout(handle, timeout_in_10ms); - timeout_in_ms = 10 * timeout_in_10ms; + *timeout_in_ms = 10 * timeout_in_10ms; return status; } @@ -297,7 +295,9 @@ class GenericSecurityManager : public SecurityManager, } virtual ble_error_t passkeyEntered(Gap::Handle_t handle, Passkey_t passkey) { - return pal.passkey_entered(handle, passkey); + // FIXME: convert to passkey_t (3 bytes instead of 6) + //return pal.passkey_request_reply(handle, passkey); + return BLE_ERROR_NOT_IMPLEMENTED; } virtual ble_error_t sendKeypressNotification(Gap::Handle_t handle, Keypress_t keypress) { @@ -308,7 +308,7 @@ class GenericSecurityManager : public SecurityManager, // Event handler // - void setSecurityManagerEventHandler(::SecurityManagerEventHandler* handler) { + void setSecurityManagerEventHandler(::SecurityManager::SecurityManagerEventHandler* handler) { SecurityManager::setSecurityManagerEventHandler(handler); if (handler) { _app_event_handler = handler; @@ -459,7 +459,7 @@ class GenericSecurityManager : public SecurityManager, private: /* handler is always a valid pointer */ - ::SecurityManagerEventHandler *_app_event_handler; + ::SecurityManager::SecurityManagerEventHandler *_app_event_handler; }; From 75c7460575d26d83e94d39ce541fe2685c018ef6 Mon Sep 17 00:00:00 2001 From: Vincent Coubard Date: Tue, 16 Jan 2018 12:13:14 +0000 Subject: [PATCH 5/5] Remove setPinCode function (not needed) and oob related functions. --- features/FEATURE_BLE/ble/SecurityManager.h | 46 +--------------------- 1 file changed, 1 insertion(+), 45 deletions(-) diff --git a/features/FEATURE_BLE/ble/SecurityManager.h b/features/FEATURE_BLE/ble/SecurityManager.h index 2d6e1c7b708..6a83f76f625 100644 --- a/features/FEATURE_BLE/ble/SecurityManager.h +++ b/features/FEATURE_BLE/ble/SecurityManager.h @@ -90,10 +90,6 @@ class SecurityManager { */ static const unsigned PASSKEY_LEN = 6; typedef uint8_t Passkey_t[PASSKEY_LEN]; /**< 6-digit passkey in ASCII ('0'-'9' digits only). */ - typedef uint8_t C192_t[16]; - typedef uint8_t R192_t[16]; - typedef uint8_t C256_t[16]; - typedef uint8_t R256_t[16]; typedef void (*HandleSpecificEvent_t)(Gap::Handle_t handle); typedef void (*SecuritySetupInitiatedCallback_t)(Gap::Handle_t, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps); @@ -325,14 +321,6 @@ class SecurityManager { // Security settings // - virtual ble_error_t setPinCode(uint8_t pinLength, uint8_t * pinCode, bool isStatic = false) { - (void) pinLength; - (void) pinCode; - (void) isStatic; - - return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ - } - virtual ble_error_t setPasskey(const Passkey_t passkey) { (void) passkey; return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ @@ -466,39 +454,6 @@ class SecurityManager { (void) keypress; return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ } - virtual ble_error_t setOob(Gap::Handle_t handle, C192_t* hash192, R192_t* rand192) { - (void) handle; - (void) hash192; - (void) rand192; - return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ - } - virtual ble_error_t setExtendedOob(Gap::Handle_t handle, - C192_t* hash192, R192_t* rand192, - C256_t* hash256, R256_t* rand256) { - (void) handle; - (void) hash192; - (void) rand192; - (void) hash256; - (void) rand256; - return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ - } - virtual ble_error_t getLocalOobData(Gap::Handle_t handle, C192_t* hash192, R192_t* rand192) { - (void) handle; - (void) hash192; - (void) rand192; - return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ - } - virtual ble_error_t getLocalExtendedOobData(Gap::Handle_t handle, - C192_t* hash192, R192_t* rand192, - C256_t* hash256, R256_t* rand256) { - (void) handle; - (void) hash192; - (void) rand192; - (void) hash256; - (void) rand256; - return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ - } - /* Event callback handlers. */ public: @@ -632,6 +587,7 @@ class SecurityManager { SecurityManagerEventHandler* eventHandler; SecurityManagerShutdownCallbackChain_t shutdownCallChain; +protected: LegacySecurityManagerEventHandler defaultEventHandler; };