enhance BLEService::setPermission(read,write)

Author: hathach

README.md

@@ -16,6 +16,7 @@ Following boards are also included but are not officially supported:
 
 - [Nordic nRF52840DK PCA10056](https://www.nordicsemi.com/Software-and-Tools/Development-Kits/nRF52840-DK)
 - [Particle Xenon](https://store.particle.io/products/xenon)
+- [Raytac MDBT50Q-RX Dongle](https://www.raytac.com/product/ins.php?index_id=89)
 
 ## BSP Installation
 
@@ -49,7 +50,7 @@ There are two methods that you can use to install this BSP. We highly recommend
 
 ### Adafruit's nrfutil tools
 
-[adafruit-nrfutil](https://github.com/adafruit/Adafruit_nRF52_nrfutil) (derived from Nordic pc-nrfutil) is needed to upload sketch via serial port.
+[adafruit-nrfutil](https://github.com/adafruit/Adafruit_nRF52_nrfutil) (derived from Nordic [pc-nrfutil](https://github.com/NordicSemiconductor/pc-nrfutil)) is needed to upload sketch via serial port.
 
 - For Windows and macOS, pre-built executable binaries are included in the BSP at `tools/adafruit-nrfutil/`. It should work out of the box.
 - Linux user need to run follow command to install it from PyPi
@@ -117,8 +118,7 @@ which in turn is based on the [Arduino SAMD Core](https://github.com/arduino/Ard
 
 The following libraries are used:
 
-- adafruit-nrfutil is based on Nordic Semiconductor ASA's [pc-nrfutil](https://github.com/NordicSemiconductor/pc-nrfutil)
-- [freeRTOS](https://www.freertos.org/) as operating system
-- [tinyusb](https://github.com/hathach/tinyusb) as usb stack
+- [FreeRTOS](https://www.freertos.org/) as operating system
+- [LittleFS](https://github.com/ARMmbed/littlefs) for internal file system
 - [nrfx](https://github.com/NordicSemiconductor/nrfx) for peripherals driver
-- [littlefs](https://github.com/ARMmbed/littlefs) for internal file system
+- [TinyUSB](https://github.com/hathach/tinyusb) as usb stack

changelog.md

@@ -1,5 +1,55 @@
 # Adafruit nRF52 Arduino Core Changelog
 
+## 0.20.0
+
+This version implement comprehensive pairing with LESC and Legacy using dynamic & staic Passkey.
+
+- Support static passkey (Legacy only)
+- Support LESC on nRF52840 using hardware-accelerated ARM CryptoCell CC310 provided by [Adafruit_nRFCypto](https://github.com/adafruit/Adafruit_nRFCrypto), therefore nRFCrypto library must be installed
+- Rework bonding mechanism to use IRK for peer finding. It is advisable to run `clearbonds` example to clean up bond files of previous version
+
+### BLESecurity
+
+A new class BLESecurity (access with Bluefruit.Security) is added to handle security and pairing.
+
+- **setPIN()** to set static passkey, this will force to use Legacy Pairing
+- **setIOCaps()** to congiure IO capacities
+- **setMITM()** to enable/disable Man in The Middle protection (passkey), it is auto-enabled when using passkey
+- **setPairPasskeyCallback()** to register callback for displaying pairing passkey to user
+- **setPairCompleteCallback()** to register callback for the result of pairing procedure (succeeded or failed)
+- **setSecuredCallback()** to register callback which invoked when connection is secured. This happens after he pairing procedure is complete, or we re-connect with preivously bonded peer device
+
+### Other Changes
+
+**BLECentral** 
+
+- will automatically use stored Long Term Key to secure connection if paired/bonded with device previously
+
+**Bluefruit**
+
+- Bluefruit::requestPairing() is removed, please use the BLEConnection::requestPairing() instead
+- Bluefruit::connPaired() is removed, please use BLEConnection::secure() instead
+- Default Device name is USB_PRODUCT if available e.g CLUE, Circuit Playground Bluefruit, Feather nRF52840 Express etc ...
+
+**BLEService**
+
+- Added setPermission()
+
+**BLEConnection**
+
+- BLEConnection::requestPairing() is now non-blocking, it will return right after sending request to peer device. Previously it is blocked until the pairing process is complete.
+- Added BLEConnection::secured() to check if the connection is secured/encrypted
+- Added BLEConnection::bonded() to check if we store Longterm Key with current peer
+- Removed BLEConnection:paried(), user should either use secured() or bonded() depending on the context
+- If bonded, getPeerAddr() will return peer public address instead of random address. 
+
+**New Example Sketches**
+
+- **pairing_pin** to use static PIN for peripheral role
+- **pairing_passkey** to use dyanmic Passkey for pairing. On Arcada compatible device such as `CLUE` or `Circuit Playground Bluefruit`, TFT display will also be used to display passkey.
+- **cental_pairing** similar to pairing_passkey but for nRF running central role
+- **ancs_arcada** for displaying ancs on arcada such CLUE and/or CPB.
+
 ## 0.19.0 - 2020.03.12
 
 - Add BLECharacteristic::isFixedLen()

libraries/Bluefruit52Lib/examples/Peripheral/pairing_passkey/pairing_passkey.ino

@@ -121,7 +121,7 @@ void setup()
   // Set Permission to access BLE Uart is to require man-in-the-middle protection
   // This will cause central to perform pairing with static PIN we set above
   Serial.println("Configure BLE Uart to require man-in-the-middle protection for PIN pairing");
-  bleuart.setPermission(SECMODE_ENC_WITH_MITM);
+  bleuart.setPermission(SECMODE_ENC_WITH_MITM, SECMODE_ENC_WITH_MITM);
   bleuart.begin();
 
 #ifdef USE_ARCADA

libraries/Bluefruit52Lib/examples/Peripheral/pairing_pin/pairing_pin.ino

@@ -60,7 +60,7 @@ void setup()
   // Set Permission to access BLE Uart is to require man-in-the-middle protection
   // This will cause central to perform pairing with static PIN we set above
   Serial.println("Configure BLE Uart to require man-in-the-middle protection for PIN pairing");
-  bleuart.setPermission(SECMODE_ENC_WITH_MITM);
+  bleuart.setPermission(SECMODE_ENC_WITH_MITM, SECMODE_ENC_WITH_MITM);
   bleuart.begin();
 
   // Set up and start advertising

libraries/Bluefruit52Lib/src/BLECharacteristic.cpp

@@ -245,18 +245,21 @@ err_t BLECharacteristic::begin(void)
 
   // Correct Read/Write permission according to parent service
   // Use service permission if it has higher secure mode
-  SecureMode_t svc_secmode = _service->getPermission();
-  ble_gap_conn_sec_mode_t svc_perm;
-  memcpy(&svc_perm, &svc_secmode, 1);
+  SecureMode_t svc_rd_secmode, svc_wr_secmod;
+  _service->getPermission(&svc_rd_secmode, &svc_wr_secmod);
+
+  ble_gap_conn_sec_mode_t svc_rd_perm, svc_wr_perm;
+  memcpy(&svc_rd_perm, &svc_rd_secmode, 1);
+  memcpy(&svc_wr_perm, &svc_wr_secmod , 1);
 
   if ( _attr_meta.read_perm.sm != 0 ) // skip no access
   {
-    _attr_meta.read_perm = max_secmode(_attr_meta.read_perm, svc_perm);
+    _attr_meta.read_perm = max_secmode(_attr_meta.read_perm, svc_rd_perm);
   }
 
   if ( _attr_meta.write_perm.sm != 0 ) // skip no access
   {
-    _attr_meta.write_perm = max_secmode(_attr_meta.write_perm, svc_perm);
+    _attr_meta.write_perm = max_secmode(_attr_meta.write_perm, svc_wr_perm);
   }
 
   /* CCCD attribute metadata */

libraries/Bluefruit52Lib/src/BLEService.cpp

@@ -41,7 +41,8 @@ BLEService* BLEService::lastService = NULL;
 void BLEService::_init(void)
 {
   _handle = BLE_GATT_HANDLE_INVALID;
-  _permission = SECMODE_OPEN;
+  _read_perm = SECMODE_OPEN;
+  _write_perm = SECMODE_OPEN;
 }
 
 BLEService::BLEService(void)
@@ -61,14 +62,16 @@ void BLEService::setUuid(BLEUuid bleuuid)
   uuid = bleuuid;
 }
 
-void BLEService::setPermission(SecureMode_t permission)
+void BLEService::setPermission(SecureMode_t read_perm, SecureMode_t write_perm)
 {
-  _permission = permission;
+  _read_perm = read_perm;
+  _write_perm = write_perm;
 }
 
-SecureMode_t BLEService::getPermission(void)
+void BLEService::getPermission(SecureMode_t* read_perm, SecureMode_t* write_perm)
 {
-  return _permission;
+  *read_perm = _read_perm;
+  *write_perm = _write_perm;
 }
 
 err_t BLEService::begin(void)

libraries/Bluefruit52Lib/src/BLEService.h

@@ -43,7 +43,8 @@ class BLEService
 {
   protected:
     uint16_t _handle; // service gatt handle
-    SecureMode_t _permission;
+    SecureMode_t _read_perm;
+    SecureMode_t _write_perm;
 
     void  _init(void);
 
@@ -60,8 +61,8 @@ class BLEService
 
     void setUuid(BLEUuid bleuuid);
 
-    void setPermission(SecureMode_t permission);
-    SecureMode_t getPermission(void);
+    void setPermission(SecureMode_t read_perm, SecureMode_t write_perm);
+    void getPermission(SecureMode_t* read_perm, SecureMode_t* write_perm);
 
     virtual err_t begin(void);