Merge branch 'ble-security-config-option'
commit
b851e8cd1b
11 changed files with 53 additions and 23 deletions
|
@ -42,7 +42,6 @@
|
|||
#define MICROBIT_BLE_POWER_LEVELS 8
|
||||
#define MICROBIT_BLE_MAXIMUM_BONDS 4
|
||||
#define MICROBIT_BLE_ENABLE_BONDING true
|
||||
#define MICROBIT_BLE_REQUIRE_MITM true
|
||||
extern const int8_t MICROBIT_BLE_POWER_LEVEL[];
|
||||
|
||||
/**
|
||||
|
|
|
@ -140,10 +140,36 @@
|
|||
|
||||
// Enable/Disable the use of private resolvable addresses.
|
||||
// Set '1' to enable.
|
||||
// n.b. This is known to be a feature that suffers compatibility issues with many BLE central devices.
|
||||
#ifndef MICROBIT_BLE_PRIVATE_ADDRESSES
|
||||
#define MICROBIT_BLE_PRIVATE_ADDRESSES 0
|
||||
#endif
|
||||
|
||||
// Convenience option to enable / disable BLE security entirely
|
||||
// Open BLE links are not secure, but commonly used during the development of BLE services
|
||||
// Set '1' to disable all secuity
|
||||
#ifndef MICROBIT_BLE_OPEN
|
||||
#define MICROBIT_BLE_OPEN 0
|
||||
#endif
|
||||
|
||||
// Configure for open BLE operation if so configured
|
||||
#if (MICROBIT_BLE_OPEN == 1)
|
||||
#define MICROBIT_BLE_SECURITY_LEVEL SECURITY_MODE_ENCRYPTION_OPEN_LINK
|
||||
#define MICROBIT_BLE_WHITELIST 0
|
||||
#define MICROBIT_BLE_ADVERTISING_TIMEOUT 0
|
||||
#endif
|
||||
|
||||
|
||||
// Define the default, global BLE security requirements for MicroBit BLE services
|
||||
// May be one of the following options (see mbed's SecurityManager class implementaiton detail)
|
||||
// SECURITY_MODE_ENCRYPTION_OPEN_LINK: No bonding, encryption, or whitelisting required.
|
||||
// SECURITY_MODE_ENCRYPTION_NO_MITM: Bonding, encyption and whitelisting but no passkey.
|
||||
// SECURITY_MODE_ENCRYPTION_WITH_MITM: Bonding, encrytion and whitelisting with passkey authentication.
|
||||
//
|
||||
#ifndef MICROBIT_BLE_SECURITY_LEVEL
|
||||
#define MICROBIT_BLE_SECURITY_LEVEL SECURITY_MODE_ENCRYPTION_WITH_MITM
|
||||
#endif
|
||||
|
||||
// Enable/Disbale the use of BLE whitelisting.
|
||||
// If enabled, the micro:bit will only respond to conneciton requests from
|
||||
// known, bonded devices.
|
||||
|
|
|
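Review bot: The `#if (MICROBIT_BLE_OPEN == 1)` block defines `MICROBIT_BLE_SECURITY_LEVEL`, `MICROBIT_BLE_WHITELIST` and `MICROBIT_BLE_ADVERTISING_TIMEOUT` without checking whether the build already set them, so a project that configures any of the three and also sets the open flag gets a macro redefinition instead of a clear outcome. Put `#undef MICROBIT_BLE_SECURITY_LEVEL` (and the same for the other two) ahead of each define so the open setting wins deterministically. Because this one flag drops the bonding, encryption and whitelisting requirements for every service that uses the level, the block should also announce itself at build time, e.g. `#warning "MICROBIT_BLE_OPEN is set: BLE links are unauthenticated and unencrypted"`, so an open configuration cannot reach a release image unnoticed. The added comments also carry a few typos worth fixing in the same pass (`secuity`, `implementaiton`, `encyption`, `encrytion`).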
@ -31,8 +31,8 @@ MicroBitAccelerometerService::MicroBitAccelerometerService(BLEDevice &_ble) :
|
|||
accelerometerPeriodCharacteristicBuffer = uBit.accelerometer.getPeriod();
|
||||
|
||||
// Set default security requirements
|
||||
accelerometerDataCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
accelerometerPeriodCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
accelerometerDataCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
accelerometerPeriodCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
|
||||
GattCharacteristic *characteristics[] = {&accelerometerDataCharacteristic, &accelerometerPeriodCharacteristic};
|
||||
GattService service(MicroBitAccelerometerServiceUUID, characteristics, sizeof(characteristics) / sizeof(GattCharacteristic *));
|
||||
|
|
|
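Review bot: `SecurityManager::MICROBIT_BLE_SECURITY_LEVEL` only compiles when the macro expands to a bare enumerator name, and nothing at these call sites or in the visible config comment says so; a build that sets it to an already qualified `SecurityManager::SECURITY_MODE_…` value would fail with an error that points here and not at the setting. The comment above the calls still reads `// Set default security requirements` although the level is now a build-wide option. I would reword it to `// Security level comes from MICROBIT_BLE_SECURITY_LEVEL (an unqualified SecurityManager enumerator)`. The same applies to the button, DFU, event, IO pin, LED, magnetometer and temperature service constructors further down; the constructor bodies start and end outside these hunks.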
@ -168,9 +168,14 @@ void MicroBitBLEManager::advertise()
|
|||
void MicroBitBLEManager::init(ManagedString deviceName, ManagedString serialNumber, bool enableBonding)
|
||||
{
|
||||
ManagedString BLEName("BBC micro:bit");
|
||||
|
||||
this->deviceName = deviceName;
|
||||
|
||||
#if !(CONFIG_ENABLED(MICROBIT_BLE_WHITELIST))
|
||||
ManagedString namePrefix(" [");
|
||||
ManagedString namePostfix("]");
|
||||
BLEName = BLEName + namePrefix + deviceName + namePostfix;
|
||||
#endif
|
||||
|
||||
// Start the BLE stack.
|
||||
ble = new BLEDevice();
|
||||
ble->init();
|
||||
|
@ -194,7 +199,7 @@ void MicroBitBLEManager::init(ManagedString deviceName, ManagedString serialNumb
|
|||
// Setup our security requirements.
|
||||
ble->securityManager().onPasskeyDisplay(passkeyDisplayCallback);
|
||||
ble->securityManager().onSecuritySetupCompleted(securitySetupCompletedCallback);
|
||||
ble->securityManager().init(enableBonding, MICROBIT_BLE_REQUIRE_MITM, SecurityManager::IO_CAPS_DISPLAY_ONLY);
|
||||
ble->securityManager().init(enableBonding, (SecurityManager::MICROBIT_BLE_SECURITY_LEVEL == SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM), SecurityManager::IO_CAPS_DISPLAY_ONLY);
|
||||
|
||||
if (enableBonding)
|
||||
{
|
||||
|
|
|
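Review bot: In the second hunk the MITM requirement passed to `securityManager().init` is computed inline in the argument list, which buries the pairing policy in one long line; name it first, `const bool requireMITM = (SecurityManager::MICROBIT_BLE_SECURITY_LEVEL == SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);`, and pass `requireMITM`. `enableBonding` is still forwarded unchanged, so with the open-link level the `if (enableBonding)` branch that follows presumably still runs its bonding setup even though the config comment describes that level as needing no bonding; please confirm that is intended. In the first hunk the device name is appended to `BLEName` whenever whitelisting is off; if that string is what gets advertised (not visible here), each board becomes identifiable from its advertisements, and a one-line comment should say why that is acceptable. `init` continues outside both hunks.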
@ -29,8 +29,8 @@ MicroBitButtonService::MicroBitButtonService(BLEDevice &_ble) :
|
|||
buttonBDataCharacteristicBuffer = 0;
|
||||
|
||||
// Set default security requirements
|
||||
buttonADataCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
buttonBDataCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
buttonADataCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
buttonBDataCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
|
||||
GattCharacteristic *characteristics[] = {&buttonADataCharacteristic, &buttonBDataCharacteristic};
|
||||
GattService service(MicroBitButtonServiceUUID, characteristics, sizeof(characteristics) / sizeof(GattCharacteristic *));
|
||||
|
|
|
@ -50,7 +50,7 @@ MicroBitDFUService::MicroBitDFUService(BLEDevice &_ble) :
|
|||
controlByte = 0x00;
|
||||
|
||||
// Set default security requirements
|
||||
microBitDFUServiceControlCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
microBitDFUServiceControlCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
|
||||
GattCharacteristic *characteristics[] = {µBitDFUServiceControlCharacteristic};
|
||||
GattService service(MicroBitDFUServiceUUID, characteristics, sizeof(characteristics) / sizeof(GattCharacteristic *));
|
||||
|
|
|
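Review bot: The DFU control characteristic now takes whatever `MICROBIT_BLE_SECURITY_LEVEL` resolves to, so a build with `MICROBIT_BLE_OPEN` set exposes it with no pairing or encryption requirement. If this characteristic is what switches the device into firmware update mode (inferred from its name; the handler is not in the hunk), it is the one place where a development convenience should not lower the bar. Consider keeping this call at `SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM` regardless of the global level, or at minimum add a comment such as `// NOTE: follows the global level; an open build leaves DFU control unauthenticated`. The constructor body starts and ends outside the hunk.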
@ -35,10 +35,10 @@ MicroBitEventService::MicroBitEventService(BLEDevice &_ble) :
|
|||
messageBusListenerOffset = 0;
|
||||
|
||||
// Set default security requirements
|
||||
microBitEventCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
clientEventCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
clientRequirementsCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
microBitRequirementsCharacteristic->requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
microBitEventCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
clientEventCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
clientRequirementsCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
microBitRequirementsCharacteristic->requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
|
||||
GattCharacteristic *characteristics[] = {µBitEventCharacteristic, &clientEventCharacteristic, &clientRequirementsCharacteristic, microBitRequirementsCharacteristic};
|
||||
GattService service(MicroBitEventServiceUUID, characteristics, sizeof(characteristics) / sizeof(GattCharacteristic *));
|
||||
|
|
|
@ -32,9 +32,9 @@ MicroBitIOPinService::MicroBitIOPinService(BLEDevice &_ble) :
|
|||
memset(ioPinServiceIOData, 0, sizeof(ioPinServiceIOData));
|
||||
|
||||
// Set default security requirements
|
||||
ioPinServiceADCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
ioPinServiceIOCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
ioPinServiceDataCharacteristic->requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
ioPinServiceADCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
ioPinServiceIOCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
ioPinServiceDataCharacteristic->requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
|
||||
GattCharacteristic *characteristics[] = {&ioPinServiceADCharacteristic, &ioPinServiceIOCharacteristic, ioPinServiceDataCharacteristic};
|
||||
GattService service(MicroBitIOPinServiceUUID, characteristics, sizeof(characteristics) / sizeof(GattCharacteristic *));
|
||||
|
|
|
@ -33,9 +33,9 @@ MicroBitLEDService::MicroBitLEDService(BLEDevice &_ble) :
|
|||
matrixCharacteristic.setReadAuthorizationCallback(this, &MicroBitLEDService::onDataRead);
|
||||
|
||||
// Set default security requirements
|
||||
matrixCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
textCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
scrollingSpeedCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
matrixCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
textCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
scrollingSpeedCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
|
||||
GattCharacteristic *characteristics[] = {&matrixCharacteristic, &textCharacteristic, &scrollingSpeedCharacteristic};
|
||||
GattService service(MicroBitLEDServiceUUID, characteristics, sizeof(characteristics) / sizeof(GattCharacteristic *));
|
||||
|
|
|
@ -35,9 +35,9 @@ MicroBitMagnetometerService::MicroBitMagnetometerService(BLEDevice &_ble) :
|
|||
magnetometerPeriodCharacteristicBuffer = uBit.compass.getPeriod();
|
||||
|
||||
// Set default security requirements
|
||||
magnetometerDataCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
magnetometerBearingCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
magnetometerPeriodCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
magnetometerDataCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
magnetometerBearingCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
magnetometerPeriodCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
|
||||
GattCharacteristic *characteristics[] = {&magnetometerDataCharacteristic, &magnetometerBearingCharacteristic, &magnetometerPeriodCharacteristic};
|
||||
GattService service(MicroBitMagnetometerServiceUUID, characteristics, sizeof(characteristics) / sizeof(GattCharacteristic *));
|
||||
|
|
|
@ -28,8 +28,8 @@ MicroBitTemperatureService::MicroBitTemperatureService(BLEDevice &_ble) :
|
|||
temperaturePeriodCharacteristicBuffer = uBit.thermometer.getPeriod();
|
||||
|
||||
// Set default security requirements
|
||||
temperatureDataCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
temperaturePeriodCharacteristic.requireSecurity(SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM);
|
||||
temperatureDataCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
temperaturePeriodCharacteristic.requireSecurity(SecurityManager::MICROBIT_BLE_SECURITY_LEVEL);
|
||||
|
||||
GattCharacteristic *characteristics[] = {&temperatureDataCharacteristic, &temperaturePeriodCharacteristic};
|
||||
GattService service(MicroBitTemperatureServiceUUID, characteristics, sizeof(characteristics) / sizeof(GattCharacteristic *));
|
||||
|
|