diff --git a/features/FEATURE_BLE/ble/GattCharacteristic.h b/features/FEATURE_BLE/ble/GattCharacteristic.h index 0f8489dc4c8..96ab7f685d7 100644 --- a/features/FEATURE_BLE/ble/GattCharacteristic.h +++ b/features/FEATURE_BLE/ble/GattCharacteristic.h @@ -1426,32 +1426,6 @@ class GattCharacteristic { } public: - /** - * Set up the minimum security (mode and level) requirements for access to - * the characteristic's value attribute. - * - * @param[in] securityMode Can be one of encryption or signing, with or - * without protection for man in the middle attacks (MITM). - * - * @deprecated Fine grained security check has been added to with mbed OS - * 5.9. It is possible to set independently security requirements for read, - * write and update operations. In the meantime SecurityManager::SecurityMode_t - * is not used anymore to represent security requirements as it maps - * incorrectly the Bluetooth standard. - */ - MBED_DEPRECATED_SINCE( - "mbed-os-5.9", - "Use setWriteSecurityRequirements, setReadSecurityRequirements and " - "setUpdateSecurityRequirements" - ) - void requireSecurity(SecurityManager::SecurityMode_t securityMode) - { - SecurityRequirement_t sec_requirements = SecurityModeToAttSecurity(securityMode); - - _valueAttribute.setReadSecurityRequirement(sec_requirements); - _valueAttribute.setWriteSecurityRequirement(sec_requirements); - _update_security = sec_requirements.value(); - } /** * Set all security requirements of the characteristic. 
@@ -1729,62 +1703,6 @@ class GattCharacteristic { return _properties; } - /** - * Get the characteristic's required security. - * - * @return The characteristic's required security. - * - * @deprecated Fine grained security check has been added to with mbed OS - * 5.9. It is possible to set independently security requirements for read, - * write and update operations. In the meantime SecurityManager::SecurityMode_t - * is not used anymore to represent security requirements as it maps - * incorrectly the Bluetooth standard. - */ - MBED_DEPRECATED_SINCE( - "mbed-os-5.9", - "Use getWriteSecurityRequirements, getReadSecurityRequirements and " - "getUpdateSecurityRequirements" - ) - SecurityManager::SecurityMode_t getRequiredSecurity() const - { - SecurityRequirement_t max_sec = std::max( - std::max( - getReadSecurityRequirement(), - getWriteSecurityRequirement() - ), - getUpdateSecurityRequirement() - ); - - bool needs_signing = - _properties & BLE_GATT_CHAR_PROPERTIES_AUTHENTICATED_SIGNED_WRITES; - - switch(max_sec.value()) { - case SecurityRequirement_t::NONE: - MBED_ASSERT(needs_signing == false); - return SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK; -#if BLE_FEATURE_SECURITY - case SecurityRequirement_t::UNAUTHENTICATED: - return (needs_signing) ? - SecurityManager::SECURITY_MODE_SIGNED_NO_MITM : - SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM; - - case SecurityRequirement_t::AUTHENTICATED: - return (needs_signing) ? 
- SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM : - SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM; -#if BLE_FEATURE_SECURE_CONNECTIONS - case SecurityRequirement_t::SC_AUTHENTICATED: - MBED_ASSERT(needs_signing == false); - // fallback to encryption with MITM - return SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM; -#endif // BLE_FEATURE_SECURE_CONNECTIONS -#endif // BLE_FEATURE_SECURITY - default: - MBED_ASSERT(false); - return SecurityManager::SECURITY_MODE_NO_ACCESS; - } - } - /** * Get the total number of descriptors within this characteristic. * @@ -1840,42 +1758,6 @@ class GattCharacteristic { private: - /** - * Loosely convert a SecurityManager::SecurityMode_t into a - * SecurityRequirement_t. - * - * @param[in] mode The security mode to convert - * - * @return The security requirement equivalent to the security mode in input. - */ - SecurityRequirement_t SecurityModeToAttSecurity( - SecurityManager::SecurityMode_t mode - ) { - switch(mode) { - case SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK: - case SecurityManager::SECURITY_MODE_NO_ACCESS: - // assuming access is managed by property and orthogonal to - // security mode ... - return SecurityRequirement_t::NONE; -#if BLE_FEATURE_SECURITY - case SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM: -#if BLE_FEATURE_SIGNING - case SecurityManager::SECURITY_MODE_SIGNED_NO_MITM: -#endif - return SecurityRequirement_t::UNAUTHENTICATED; - - case SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM: -#if BLE_FEATURE_SIGNING - case SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM: -#endif - return SecurityRequirement_t::AUTHENTICATED; -#endif // BLE_FEATURE_SECURITY - default: - // should not happens; makes the compiler happy. - return SecurityRequirement_t::NONE; - } - } - /** * Attribute that contains the actual value of this characteristic. */ diff --git a/features/FEATURE_BLE/ble/GattClient.h b/features/FEATURE_BLE/ble/GattClient.h index 79f214a5c59..3eb9b63e85f 100644 
--- a/features/FEATURE_BLE/ble/GattClient.h +++ b/features/FEATURE_BLE/ble/GattClient.h @@ -525,25 +525,6 @@ class GattClient : public StaticInterface { return onDataWriteCallbackChain; } - /** - * Register an attribute write event handler. - * - * @param[in] callback Event handler being registered. - * - * @note It is possible to remove registered handlers using - * onDataWritten().detach(callbackToRemove). - * - * @note Write commands (issued using writeWoResponse) don't generate a - * response. - * - * @deprecated Use GattServer::onDataWritten(). - */ - MBED_DEPRECATED("Use GattServer::onDataWritten()") - void onDataWrite(WriteCallback_t callback) - { - onDataWritten(callback); - } - /** * Register a service discovery termination event handler. * diff --git a/features/FEATURE_BLE/ble/SecurityManager.h b/features/FEATURE_BLE/ble/SecurityManager.h index 7ca601c5f83..6722ede557e 100644 --- a/features/FEATURE_BLE/ble/SecurityManager.h +++ b/features/FEATURE_BLE/ble/SecurityManager.h @@ -213,17 +213,6 @@ class SecurityManager { SECURITY_MODE_SIGNED_WITH_MITM, /**< Require signing or encryption, and MITM protection. */ }; - /** - * @brief Defines possible security status or states. - * - * @details Defines possible security status or states of a link when requested by getLinkSecurity(). - */ - enum LinkSecurityStatus_t { - NOT_ENCRYPTED, /**< The link is not secured. */ - ENCRYPTION_IN_PROGRESS, /**< Link security is being established.*/ - ENCRYPTED /**< The link is secure.*/ - }; - /** Input/output capability of the device and application */ enum SecurityIOCapabilities_t { IO_CAPS_DISPLAY_ONLY = 0x00, /**< Display only. */ 
@@ -263,13 +252,6 @@ class SecurityManager { typedef FunctionPointerWithContext SecurityManagerShutdownCallback_t; typedef CallChainOfFunctionPointersWithContext SecurityManagerShutdownCallbackChain_t; - /* legacy callbacks, please use SecurityManagerEventHandler instead */ - typedef void (*HandleSpecificEvent_t)(ble::connection_handle_t connectionHandle); - typedef void (*SecuritySetupInitiatedCallback_t)(ble::connection_handle_t, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps); - typedef void (*SecuritySetupCompletedCallback_t)(ble::connection_handle_t, SecurityCompletionStatus_t status); - typedef void (*LinkSecuredCallback_t)(ble::connection_handle_t connectionHandle, SecurityMode_t securityMode); - typedef void (*PasskeyDisplayCallback_t)(ble::connection_handle_t connectionHandle, const Passkey_t passkey); - /** The stack will use these functions to signal events to the application, * subclass to override handlers. Use SecurityManager::setSecurityManagerEventHandler * to set the interface implementation to be used. */ 
@@ -880,141 +862,6 @@ class SecurityManager { ~SecurityManager() { }; -public: - /** - * @deprecated use generateWhitelistFromBondTable instead - * - * Get a list of addresses from all peers in the bond table. - * - * @param[in,out] addresses - * (on input) addresses.capacity contains the maximum - * number of addresses to be returned. - * (on output) The populated table with copies of the - * addresses in the implementation's whitelist. - * - * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure. - * @retval BLE_ERROR_INVALID_STATE If the API is called without module initialization or - * application registration. - */ - ble_error_t getAddressesFromBondTable(::Gap::Whitelist_t &addresses) const; - - /** - * @deprecated - * - * Get the security status of a connection. - * - * @param[in] connectionHandle Handle to identify the connection. - * @param[out] securityStatus Security status. - * - * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason. - */ - ble_error_t getLinkSecurity(ble::connection_handle_t connectionHandle, LinkSecurityStatus_t *securityStatus) { - ble::link_encryption_t encryption(ble::link_encryption_t::NOT_ENCRYPTED); - ble_error_t err = getLinkEncryption(connectionHandle, &encryption); - if (err) { - return err; - } - - switch (encryption.value()) { - case ble::link_encryption_t::NOT_ENCRYPTED: - *securityStatus = NOT_ENCRYPTED; - break; - case ble::link_encryption_t::ENCRYPTION_IN_PROGRESS: - *securityStatus = ENCRYPTION_IN_PROGRESS; - break; - case ble::link_encryption_t::ENCRYPTED: - case ble::link_encryption_t::ENCRYPTED_WITH_MITM: - case ble::link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM: - *securityStatus = ENCRYPTED; - break; - default: - // should never happen - MBED_ASSERT(false); - *securityStatus = NOT_ENCRYPTED; - break; - } - - return BLE_ERROR_NONE; - } - - /** - * @deprecated - * - * To indicate that a security procedure for the link has started. 
- */ - void onSecuritySetupInitiated(SecuritySetupInitiatedCallback_t callback) { - defaultEventHandler.securitySetupInitiatedCallback = callback; - } - - /** - * @deprecated - * - * To indicate that the security procedure for the link has completed. - */ - void onSecuritySetupCompleted(SecuritySetupCompletedCallback_t callback) { - defaultEventHandler.securitySetupCompletedCallback = callback; - } - - /** - * @deprecated - * - * To indicate that the link with the peer is secured. For bonded devices, - * subsequent reconnections with a bonded peer will result only in this callback - * when the link is secured; setup procedures will not occur (unless the - * bonding information is either lost or deleted on either or both sides). - */ - void onLinkSecured(LinkSecuredCallback_t callback) { - defaultEventHandler.linkSecuredCallback = callback; - } - - /** - * @deprecated - * - * To indicate that device context is stored persistently. - */ - void onSecurityContextStored(HandleSpecificEvent_t callback) { - defaultEventHandler.securityContextStoredCallback = callback; - } - - /** @deprecated - * - * To set the callback for when the passkey needs to be displayed on a peripheral with DISPLAY capability. - */ - void onPasskeyDisplay(PasskeyDisplayCallback_t callback) { - defaultEventHandler.passkeyDisplayCallback = callback; - } - - /* Entry points for the underlying stack to report events back to the user. 
*/ -public: - /** @deprecated */ - void processSecuritySetupInitiatedEvent(ble::connection_handle_t connectionHandle, bool allowBonding, bool requireMITM, SecurityIOCapabilities_t iocaps) { - if (defaultEventHandler.securitySetupInitiatedCallback) { - defaultEventHandler.securitySetupInitiatedCallback(connectionHandle, allowBonding, requireMITM, iocaps); - } - } - /** @deprecated */ - void processSecuritySetupCompletedEvent(ble::connection_handle_t connectionHandle, SecurityCompletionStatus_t status) { - eventHandler->pairingResult(connectionHandle, status); - } - /** @deprecated */ - void processLinkSecuredEvent(ble::connection_handle_t connectionHandle, SecurityMode_t securityMode) { - if (securityMode == SECURITY_MODE_ENCRYPTION_NO_MITM) { - eventHandler->linkEncryptionResult(connectionHandle, ble::link_encryption_t::ENCRYPTED); - } else { - eventHandler->linkEncryptionResult(connectionHandle, ble::link_encryption_t::NOT_ENCRYPTED); - } - } - /** @deprecated */ - void processSecurityContextStoredEvent(ble::connection_handle_t connectionHandle) { - if (defaultEventHandler.securityContextStoredCallback) { - defaultEventHandler.securityContextStoredCallback(connectionHandle); - } - } - /** @deprecated */ - void processPasskeyDisplayEvent(ble::connection_handle_t connectionHandle, const Passkey_t passkey) { - eventHandler->passkeyDisplay(connectionHandle, passkey); - } - protected: /* --- _virtual_ implementations declaration --- */ 
@@ -1136,62 +983,12 @@ class SecurityManager { bool authenticated ); - ble_error_t getAddressesFromBondTable_(::Gap::Whitelist_t &addresses) const; - -private: - /* Legacy compatibility with old callbacks (from both sides so any - * combination of new and old works) */ - class LegacyEventHandler : public EventHandler { - public: - LegacyEventHandler() : - securitySetupInitiatedCallback(), - securitySetupCompletedCallback(), - linkSecuredCallback(), - securityContextStoredCallback(), - passkeyDisplayCallback() { }; - - virtual void pairingResult(ble::connection_handle_t connectionHandle, SecurityCompletionStatus_t result) { - if (securitySetupCompletedCallback) { - securitySetupCompletedCallback(connectionHandle, result); - } - } - - virtual void linkEncryptionResult(ble::connection_handle_t connectionHandle, ble::link_encryption_t result) { - if (linkSecuredCallback) { - SecurityMode_t securityMode; - if (result == ble::link_encryption_t::ENCRYPTED) { - securityMode = SECURITY_MODE_ENCRYPTION_NO_MITM; - } else if ( - result == ble::link_encryption_t::ENCRYPTED_WITH_MITM || - result == ble::link_encryption_t::ENCRYPTED_WITH_SC_AND_MITM - ) { - securityMode = SECURITY_MODE_ENCRYPTION_WITH_MITM; - } else { - securityMode = SECURITY_MODE_ENCRYPTION_OPEN_LINK; - } - linkSecuredCallback(connectionHandle, securityMode); - } - }; - - virtual void passkeyDisplay(ble::connection_handle_t connectionHandle, const Passkey_t passkey) { - if (passkeyDisplayCallback) { - passkeyDisplayCallback(connectionHandle, passkey); - } - }; - - SecuritySetupInitiatedCallback_t securitySetupInitiatedCallback; - SecuritySetupCompletedCallback_t securitySetupCompletedCallback; - LinkSecuredCallback_t linkSecuredCallback; - HandleSpecificEvent_t securityContextStoredCallback; - PasskeyDisplayCallback_t passkeyDisplayCallback; - }; - private: SecurityManagerShutdownCallbackChain_t shutdownCallChain; protected: EventHandler* eventHandler; - LegacyEventHandler defaultEventHandler; + EventHandler 
defaultEventHandler; }; diff --git a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h index d3670e1359b..decfbdaaabb 100644 --- a/features/FEATURE_BLE/ble/pal/PalSecurityManager.h +++ b/features/FEATURE_BLE/ble/pal/PalSecurityManager.h @@ -30,7 +30,6 @@ namespace pal { typedef ::SecurityManager::SecurityCompletionStatus_t SecurityCompletionStatus_t; typedef ::SecurityManager::SecurityMode_t SecurityMode_t; -typedef ::SecurityManager::LinkSecurityStatus_t LinkSecurityStatus_t; typedef ::SecurityManager::Keypress_t Keypress_t; /** diff --git a/features/FEATURE_BLE/source/SecurityManager.tpp b/features/FEATURE_BLE/source/SecurityManager.tpp index 6509a4c2c86..ef8f43f4825 100644 --- a/features/FEATURE_BLE/source/SecurityManager.tpp +++ b/features/FEATURE_BLE/source/SecurityManager.tpp @@ -247,20 +247,6 @@ ble_error_t SecurityManager::getSigningKey( return impl()->getSigningKey_(connectionHandle, authenticated); } -template -ble_error_t SecurityManager::getAddressesFromBondTable( - ::Gap::Whitelist_t &addresses -) const { - return impl()->getAddressesFromBondTable_(addresses); -} - -template -ble_error_t SecurityManager::getAddressesFromBondTable_( - ::Gap::Whitelist_t &addresses -) const { - return BLE_ERROR_NOT_IMPLEMENTED; -} - /* ------------------------ Dummy implementations --------------------------- */ template
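Review bot: The new `EventHandler defaultEventHandler;` member at the end of the SecurityManager.h hunk (@@ -1136,62 +983,12) has no comment saying what happens to security events while the application has not installed its own handler. The removed LegacyEventHandler forwarded pairingResult, linkEncryptionResult and passkeyDisplay to the registered callbacks. A plain EventHandler presumably discards them (its handler bodies are outside this hunk, as is the start of the class), so a failed pairing or an unencrypted link would go unnoticed by such an application. I would add above the member `/* Fallback sink used until setSecurityManagerEventHandler() is called: events delivered here are discarded. */`. It is also worth confirming what the base-class defaults do for events that expect an answer from the application.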