1 /* 2 * Copyright (C) 2014 BlueKitchen GmbH 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the copyright holders nor the names of 14 * contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 4. Any redistribution, use, or modification is done solely for 17 * personal benefit and not for any commercial purpose or for 18 * monetary gain. 19 * 20 * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MATTHIAS 24 * RINGWALD OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 27 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 30 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * Please inquire about commercial licensing options at 34 * [email protected] 35 * 36 */ 37 38 #ifndef __SM_H 39 #define __SM_H 40 41 #include <stdint.h> 42 #include "btstack_util.h" 43 44 #if defined __cplusplus 45 extern "C" { 46 #endif 47 48 // PTS testing 49 void sm_test_set_irk(sm_key_t irk); 50 void sm_test_use_fixed_local_csrk(void); 51 52 typedef struct { 53 btstack_linked_item_t item; 54 bd_addr_t address; 55 bd_addr_type_t address_type; 56 } sm_lookup_entry_t; 57 58 /* API_START */ 59 60 /** 61 * @brief Initializes the Security Manager, connects to L2CAP 62 */ 63 void sm_init(void); 64 65 /** 66 * @brief Set secret ER key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2 67 * @param er 68 */ 69 void sm_set_er(sm_key_t er); 70 71 /** 72 * @brief Set secret IR key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2 73 */ 74 void sm_set_ir(sm_key_t ir); 75 76 /** 77 * 78 * @brief Registers OOB Data Callback. The callback should set the oob_data and return 1 if OOB data is availble 79 * @param get_oob_data_callback 80 */ 81 void sm_register_oob_data_callback( int (*get_oob_data_callback)(uint8_t addres_type, bd_addr_t addr, uint8_t * oob_data)); 82 83 /** 84 * 85 * @brief Registers packet handler. Called by att_server.c 86 */ 87 void sm_register_packet_handler(btstack_packet_handler_t handler); 88 89 /** 90 * @brief Limit the STK generation methods. Bonding is stopped if the resulting one isn't in the list 91 * @param OR combination of SM_STK_GENERATION_METHOD_ 92 */ 93 void sm_set_accepted_stk_generation_methods(uint8_t accepted_stk_generation_methods); 94 95 /** 96 * @brief Set the accepted encryption key size range. Bonding is stopped if the result isn't within the range 97 * @param min_size (default 7) 98 * @param max_size (default 16) 99 */ 100 void sm_set_encryption_key_size_range(uint8_t min_size, uint8_t max_size); 101 102 /** 103 * @brief Sets the requested authentication requirements, bonding yes/no, MITM yes/no 104 * @param OR combination of SM_AUTHREQ_ flags 105 */ 106 void sm_set_authentication_requirements(uint8_t auth_req); 107 108 /** 109 * @brief Sets the available IO Capabilities 110 * @param IO_CAPABILITY_ 111 */ 112 void sm_set_io_capabilities(io_capability_t io_capability); 113 114 /** 115 * @brief Let Peripheral request an encrypted connection right after connecting 116 * @note Not used normally. Bonding is triggered by access to protected attributes in ATT Server 117 */ 118 void sm_set_request_security(int enable); 119 120 /** 121 * @brief Trigger Security Request 122 * @note Not used normally. Bonding is triggered by access to protected attributes in ATT Server 123 */ 124 void sm_send_security_request(uint16_t handle); 125 126 /** 127 * @brief Decline bonding triggered by event before 128 * @param addr_type and address 129 */ 130 void sm_bonding_decline(uint16_t handle); 131 132 /** 133 * @brief Confirm Just Works bonding 134 * @param addr_type and address 135 */ 136 void sm_just_works_confirm(uint16_t handle); 137 138 /** 139 * @brief Reports passkey input by user 140 * @param addr_type and address 141 * @param passkey in [0..999999] 142 */ 143 void sm_passkey_input(uint16_t handle, uint32_t passkey); 144 145 /** 146 * 147 * @brief Get encryption key size. 148 * @param addr_type and address 149 * @return 0 if not encrypted, 7-16 otherwise 150 */ 151 int sm_encryption_key_size(uint16_t handle); 152 153 /** 154 * @brief Get authentication property. 155 * @param addr_type and address 156 * @return 1 if bonded with OOB/Passkey (AND MITM protection) 157 */ 158 int sm_authenticated(uint16_t handle); 159 160 /** 161 * @brief Queries authorization state. 162 * @param addr_type and address 163 * @return authorization_state for the current session 164 */ 165 authorization_state_t sm_authorization_state(uint16_t handle); 166 167 /** 168 * @brief Used by att_server.c to request user authorization. 169 * @param addr_type and address 170 */ 171 void sm_request_pairing(uint16_t handle); 172 173 /** 174 * @brief Report user authorization decline. 175 * @param addr_type and address 176 */ 177 void sm_authorization_decline(uint16_t handle); 178 179 /** 180 * @brief Report user authorization grant. 181 * @param addr_type and address 182 */ 183 void sm_authorization_grant(uint16_t handle); 184 185 /** 186 * @brief Support for signed writes, used by att_server. 187 * @note Message is in little endian to allows passing in ATT PDU without flipping. 188 * @note calculated hash in done_callback is big endian 189 */ 190 int sm_cmac_ready(void); 191 void sm_cmac_start(sm_key_t k, uint8_t opcode, uint16_t attribute_handle, uint16_t message_len, uint8_t * message, uint32_t sign_counter, void (*done_handler)(uint8_t hash[8])); 192 193 /* 194 * @brief Match address against bonded devices 195 * @return 0 if successfully added to lookup queue 196 * @note Triggers SM_IDENTITY_RESOLVING_* events 197 */ 198 int sm_address_resolution_lookup(uint8_t addr_type, bd_addr_t addr); 199 200 /** 201 * @brief Identify device in LE Device DB. 202 * @param handle 203 * @return index from le_device_db or -1 if not found/identified 204 */ 205 int sm_le_device_index(uint16_t handle ); 206 /* API_END */ 207 208 #if defined __cplusplus 209 } 210 #endif 211 212 #endif // __SM_H 213