
Commit bb1bd541 authored by Treehugger Robot Committed by Gerrit Code Review

Merge "SM: Add a way to configure IOCAP, AUTHREQ, and OOBDATAPRESENT"

parents 7e22ea2d 6d90adbf
+1 −0
@@ -4,6 +4,7 @@ filegroup {
        "ecc/multprecision.cc",
        "ecc/p_256_ecc_pp.cc",
        "ecdh_keys.cc",
        "facade_configuration_api.cc",
        "pairing_handler_le.cc",
        "pairing_handler_le_legacy.cc",
        "pairing_handler_le_secure_connections.cc",
+76 −0
@@ -92,6 +92,82 @@ class SecurityModuleFacadeService : public SecurityModuleFacade::Service, public
    return bond_events_.RunLoop(context, writer);
  }

  ::grpc::Status SetIoCapabilities(::grpc::ServerContext* context, const IoCapabilitiesMessage* request,
                                   ::google::protobuf::Empty* response) override {
    hci::IoCapability io_capability = hci::IoCapability::NO_INPUT_NO_OUTPUT;
    switch (request->capability()) {
      case IoCapabilities::DISPLAY_ONLY:
        io_capability = hci::IoCapability::DISPLAY_ONLY;
        break;
      case IoCapabilities::DISPLAY_YES_NO_IO_CAP:
        io_capability = hci::IoCapability::DISPLAY_YES_NO;
        break;
      case IoCapabilities::KEYBOARD_ONLY:
        io_capability = hci::IoCapability::KEYBOARD_ONLY;
        break;
      case IoCapabilities::NO_INPUT_NO_OUTPUT:
        io_capability = hci::IoCapability::NO_INPUT_NO_OUTPUT;
        break;
      default:
        LOG_ERROR("Unknown IoCapability %d", static_cast<int>(request->capability()));
    }
    security_module_->GetFacadeConfigurationApi()->SetIoCapabilities(io_capability);
    return ::grpc::Status::OK;
  }

  ::grpc::Status SetAuthenticationRequirements(::grpc::ServerContext* context,
                                               const AuthenticationRequirementsMessage* request,
                                               ::google::protobuf::Empty* response) override {
    hci::AuthenticationRequirements authentication_requirements = hci::AuthenticationRequirements::NO_BONDING;
    switch (request->requirement()) {
      case AuthenticationRequirements::NO_BONDING:
        authentication_requirements = hci::AuthenticationRequirements::NO_BONDING;
        break;
      case AuthenticationRequirements::NO_BONDING_MITM_PROTECTION:
        authentication_requirements = hci::AuthenticationRequirements::NO_BONDING_MITM_PROTECTION;
        break;
      case AuthenticationRequirements::DEDICATED_BONDING:
        authentication_requirements = hci::AuthenticationRequirements::DEDICATED_BONDING;
        break;
      case AuthenticationRequirements::DEDICATED_BONDING_MITM_PROTECTION:
        authentication_requirements = hci::AuthenticationRequirements::DEDICATED_BONDING_MITM_PROTECTION;
        break;
      case AuthenticationRequirements::GENERAL_BONDING:
        authentication_requirements = hci::AuthenticationRequirements::GENERAL_BONDING;
        break;
      case AuthenticationRequirements::GENERAL_BONDING_MITM_PROTECTION:
        authentication_requirements = hci::AuthenticationRequirements::GENERAL_BONDING_MITM_PROTECTION;
        break;
      default:
        LOG_ERROR("Unknown Authentication Requirements %d", static_cast<int>(request->requirement()));
    }
    security_module_->GetFacadeConfigurationApi()->SetAuthenticationRequirements(authentication_requirements);
    return ::grpc::Status::OK;
  }

  ::grpc::Status SetOobDataPresent(::grpc::ServerContext* context, const OobDataMessage* request,
                                   ::google::protobuf::Empty* response) override {
    hci::OobDataPresent data_present = hci::OobDataPresent::NOT_PRESENT;
    switch (request->data_present()) {
      case OobDataPresent::NOT_PRESENT:
        data_present = hci::OobDataPresent::NOT_PRESENT;
        break;
      case OobDataPresent::P192_PRESENT:
        data_present = hci::OobDataPresent::P_192_PRESENT;
        break;
      case OobDataPresent::P256_PRESENT:
        data_present = hci::OobDataPresent::P_256_PRESENT;
        break;
      case OobDataPresent::P192_AND_256_PRESENT:
        data_present = hci::OobDataPresent::P_192_AND_256_PRESENT;
        break;
      default:
        LOG_ERROR("Unknown oob data present %d", static_cast<int>(data_present()));
    }
    security_module_->GetFacadeConfigurationApi()->SetOobData(data_present);
    return ::grpc::Status::OK;
  }

  void DisplayPairingPrompt(const bluetooth::hci::AddressWithType& peer, std::string name) {
    LOG_INFO("%s", peer.ToString().c_str());
    UiMsg display_yes_no;
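Review bot: In all three new handlers the `default:` branch only logs, then execution continues to apply the initial value and return `::grpc::Status::OK`, so an unrecognised enum value silently configures `NO_INPUT_NO_OUTPUT`, `NO_BONDING` or `NOT_PRESENT` and the caller cannot tell. Those are the settings without user interaction, MITM protection or OOB data, so a test could pass against a weaker pairing configuration than it asked for. Returning from the default branch, e.g. `return ::grpc::Status(::grpc::StatusCode::INVALID_ARGUMENT, "Unknown IoCapability");`, would surface the mistake instead. Separately, the log line in `SetOobDataPresent` calls `data_present()` on the local variable; it presumably should read `static_cast<int>(request->data_present())`. The section ends inside `DisplayPairingPrompt`, which is not covered here.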
+38 −0
@@ -9,6 +9,9 @@ service SecurityModuleFacade {
  rpc CreateBond(facade.BluetoothAddressWithType) returns (google.protobuf.Empty) {}
  rpc CancelBond(facade.BluetoothAddressWithType) returns (google.protobuf.Empty) {}
  rpc RemoveBond(facade.BluetoothAddressWithType) returns (google.protobuf.Empty) {}
  rpc SetIoCapabilities(IoCapabilitiesMessage) returns (google.protobuf.Empty) {}
  rpc SetAuthenticationRequirements(AuthenticationRequirementsMessage) returns (google.protobuf.Empty) {}
  rpc SetOobDataPresent(OobDataMessage) returns (google.protobuf.Empty) {}
  rpc SendUiCallback(UiCallbackMsg) returns (google.protobuf.Empty) {}
  rpc FetchUiEvents(google.protobuf.Empty) returns (stream UiMsg) {}
  rpc FetchBondEvents(google.protobuf.Empty) returns (stream BondMsg) {}
@@ -52,3 +55,38 @@ message BondMsg {
  BondMsgType message_type = 1;
  facade.BluetoothAddressWithType peer = 2;
}

enum IoCapabilities {
  DISPLAY_ONLY = 0;
  DISPLAY_YES_NO_IO_CAP = 1;
  KEYBOARD_ONLY = 2;
  NO_INPUT_NO_OUTPUT = 3;
}

message IoCapabilitiesMessage {
  IoCapabilities capability = 1;
}

enum AuthenticationRequirements {
  NO_BONDING = 0;
  NO_BONDING_MITM_PROTECTION = 1;
  DEDICATED_BONDING = 2;
  DEDICATED_BONDING_MITM_PROTECTION = 3;
  GENERAL_BONDING = 4;
  GENERAL_BONDING_MITM_PROTECTION = 5;
}

message AuthenticationRequirementsMessage {
  AuthenticationRequirements requirement = 1;
}

enum OobDataPresent {
  NOT_PRESENT = 0;
  P192_PRESENT = 1;
  P256_PRESENT = 2;
  P192_AND_256_PRESENT = 3;
}

message OobDataMessage {
  OobDataPresent data_present = 1;
}
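Review bot: Each new enum puts a real setting at value 0 (`DISPLAY_ONLY`, `NO_BONDING`, `NOT_PRESENT`), so if this file is proto3 (the unlabelled fields suggest it, but the syntax line is outside the hunks) a request that leaves the field unset is indistinguishable from one that explicitly asks for that setting. A comment on each message would make that contract visible, e.g. `// An unset field reads as value 0 (NO_BONDING); callers must always set it.` The `_IO_CAP` suffix on `DISPLAY_YES_NO_IO_CAP` also deserves a one-line comment naming the existing identifier it avoids clashing with, since the other three values carry no suffix.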
+40 −0
/*
 *
 *  Copyright 2019 The Android Open Source Project
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at:
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 */
#include "facade_configuration_api.h"

#include "os/log.h"

namespace bluetooth {
namespace security {

void FacadeConfigurationApi::SetIoCapabilities(hci::IoCapability io_capability) {
  security_handler_->Post(common::BindOnce(&internal::SecurityManagerImpl::SetIoCapabilities,
                                           common::Unretained(security_manager_impl_), io_capability));
}

void FacadeConfigurationApi::SetAuthenticationRequirements(hci::AuthenticationRequirements authentication_requirement) {
  security_handler_->Post(common::BindOnce(&internal::SecurityManagerImpl::SetAuthenticationRequirements,
                                           common::Unretained(security_manager_impl_), authentication_requirement));
}

void FacadeConfigurationApi::SetOobData(hci::OobDataPresent data_present) {
  security_handler_->Post(common::BindOnce(&internal::SecurityManagerImpl::SetOobDataPresent,
                                           common::Unretained(security_manager_impl_), data_present));
}
}  // namespace security
}  // namespace bluetooth
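Review bot: `common::Unretained(security_manager_impl_)` in all three setters binds a raw pointer into a task that runs later on `security_handler_`, and nothing in this file shows what keeps the `SecurityManagerImpl` alive until the task executes. If the owner guarantees that ordering, the file should say so, e.g. `// security_manager_impl_ must outlive every task posted to security_handler_; Unretained does not extend its lifetime.` Two smaller points: `SetOobData` forwards to `SetOobDataPresent`, so the public name drops the word the rest of the change uses, and `os/log.h` is included although no logging call appears in the file.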
+55 −0
/*
 *
 *  Copyright 2020 The Android Open Source Project
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at:
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 */

#pragma once

#include <memory>
#include <vector>

#include "hci/address_with_type.h"
#include "hci/hci_packets.h"
#include "security/internal/security_manager_impl.h"

namespace bluetooth {
namespace security {

/**
 * Manages the security attributes, pairing, bonding of devices, and the
 * encryption/decryption of communications.
 */
class FacadeConfigurationApi {
 public:
  friend class internal::SecurityManagerImpl;
  friend class SecurityModule;

  void SetIoCapabilities(hci::IoCapability io_capability);
  void SetAuthenticationRequirements(hci::AuthenticationRequirements authentication_requirement);
  void SetOobData(hci::OobDataPresent oob_present);

 protected:
  FacadeConfigurationApi(os::Handler* security_handler, internal::SecurityManagerImpl* security_manager_impl)
      : security_handler_(security_handler), security_manager_impl_(security_manager_impl) {}

 private:
  os::Handler* security_handler_ = nullptr;
  internal::SecurityManagerImpl* security_manager_impl_;
  DISALLOW_COPY_AND_ASSIGN(FacadeConfigurationApi);
};

}  // namespace security
}  // namespace bluetooth
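Review bot: The class comment ("Manages the security attributes, pairing, bonding of devices, and the encryption/decryption of communications") does not describe what `FacadeConfigurationApi` declares, which is three setters and nothing else; it reads as if carried over from another class. Something like `/** Forwards IO capability, authentication requirement and OOB-data-present settings to SecurityManagerImpl on the security handler; apparently intended for the facade service. */` would match the visible interface. The `SetOobData` parameter is named `oob_present` here but `data_present` in the definition, and `security_manager_impl_` lacks the `= nullptr` initialiser that `security_handler_` has. Neither `<memory>` nor `<vector>` appears to be used by this header.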