ARMmbed
diff --git a/‎features/FEATURE_BLE/ble/BLETypes.h
Lines changed: 70 additions & 1 deletion b/‎features/FEATURE_BLE/ble/BLETypes.h
Lines changed: 70 additions & 1 deletion
diff --git a/‎features/FEATURE_BLE/ble/GattAttribute.h
Lines changed: 105 additions & 3 deletions b/‎features/FEATURE_BLE/ble/GattAttribute.h
Lines changed: 105 additions & 3 deletions
@@ -129,7 +129,8 @@ struct link_encryption_t : SafeEnum<link_encryption_t, uint8_t> {
         NOT_ENCRYPTED,          /**< The link is not secured. */
         ENCRYPTION_IN_PROGRESS, /**< Link security is being established. */
         ENCRYPTED,              /**< The link is secure. */
-        ENCRYPTED_WITH_MITM     /**< The link is secure and authenticated. */
+        ENCRYPTED_WITH_MITM,    /**< The link is secure and authenticated. */
+        ENCRYPTED_WITH_SC_AND_MITM  /**< The link is secure and authenticated with a secure connection key. */
     };
 
     /**
@@ -460,6 +461,74 @@ struct random_address_type_t : SafeEnum<random_address_type_t, uint8_t> {
         SafeEnum<random_address_type_t, uint8_t>(value) { }
 };
 
+/**
+ * Security requirement that can be attached to an attribute operation.
+ */
+struct att_security_requirement_t : SafeEnum<att_security_requirement_t, uint8_t> {
+    /**
+     * Number of bits required to store the value.
+     *
+     * This value can be used to define a bitfield that host a value of this
+     * enum.
+     */
+    static const uint8_t size = 2;
+
+    /** struct scoped enum wrapped by the class */
+    enum type {
+        /**
+         * The operation does not have security requirements.
+         *
+         * It is equivalent to: SecurityMode 1 level 1: No authentication, no
+         * encryption and no signing required.
+         *
+         * @note This security mode is not applicable for signed operation.
+         *
+         * @note Equivalent to SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK.
+         */
+        NONE,
+
+        /**
+         * The operation requires security and there's no requirement towards
+         * peer authentication.
+         *
+         * @note Security can be achieved either by signing messages or
+         * encrypting the link.
+         *
+         * @note Signing is only applicable for signed write operations.
+         *
+         * @note Equivalent to SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM
+         * or SecurityManager::SECURITY_MODE_SIGNED_NO_MITM.
+         */
+        UNAUTHENTICATED,
+
+        /**
+         * The operation requires security and the peer must be authenticated.
+         *
+         * @note Security can be achieved either by signing messages or
+         * encrypting the link.
+         *
+         * @note Equivalent to SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM
+         * or SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM.
+         */
+        AUTHENTICATED,
+
+        /**
+         * The operation require encryption with an authenticated peer that
+         * paired using secure connection pairing.
+         *
+         * @note This security mode is not applicable for signed operation;
+         * security is achieved with link encryption.
+         */
+        SC_AUTHENTICATED
+    };
+
+    /**
+     * Construct a new instance of att_security_requirement_t.
+     */
+    att_security_requirement_t(type value) :
+        SafeEnum<att_security_requirement_t, uint8_t>(value) { }
+};
+
 } // namespace ble
 
 /**
 
@@ -72,6 +72,9 @@ class GattAttribute {
     static const Handle_t INVALID_HANDLE = 0x0000;
 
 public:
+
+    typedef ble::att_security_requirement_t Security_t;
+
     /**
      * Construct an attribute.
      *
@@ -102,6 +105,9 @@ class GattAttribute {
      *    true // variable length
      * );
      * @endcode
+     *
+     * @note By default, read and write operations are allowed and does not
+     * require any security.
      */
     GattAttribute(
         const UUID &uuid,
@@ -113,8 +119,12 @@ class GattAttribute {
         _valuePtr(valuePtr),
         _lenMax(maxLen),
         _len(len),
+        _handle(),
         _hasVariableLen(hasVariableLen),
-        _handle() {
+        _read_allowed(true),
+        _read_security(Security_t::NONE),
+        _write_allowed(true),
+        _write_security(Security_t::NONE) {
     }
 
 public:
@@ -209,6 +219,78 @@ class GattAttribute {
         return _hasVariableLen;
     }
 
+    /**
+     * Allow or disallow read operation from a client.
+     * @param allow_read Read is allowed if true.
+     */
+    void allowRead(bool allow_read)
+    {
+        _read_allowed = allow_read;
+    }
+
+    /**
+     * Indicate if a client is allowed to read the attribute.
+     * @return true if a client is allowed to read the attribute.
+     */
+    bool isReadAllowed(void) const
+    {
+        return _read_allowed;
+    }
+
+    /**
+     * Set the security requirements of the read operations.
+     * @param requirement The security level required by the read operations.
+     */
+    void setReadSecurityRequirement(Security_t requirement)
+    {
+        _read_security = requirement.value();
+    }
+
+    /**
+     * Return the security level required by read operations.
+     * @return The security level of the read operations.
+     */
+    Security_t getReadSecurityRequirement() const
+    {
+        return static_cast<Security_t::type>(_read_security);
+    }
+
+    /**
+     * Allow or disallow write operation from a client.
+     * @param allow_write Write is allowed if true.
+     */
+    void allowWrite(bool allow_write)
+    {
+        _write_allowed = allow_write;
+    }
+
+    /**
+     * Indicate if a client is allowed to write the attribute.
+     * @return true if a client is allowed to write the attribute.
+     */
+    bool isWriteAllowed(void) const
+    {
+        return _write_allowed;
+    }
+
+    /**
+     * Set the security requirements of the write operations.
+     * @param requirement The security level required by the write operations.
+     */
+    void setWriteSecurityRequirement(Security_t requirement)
+    {
+        _write_security = requirement.value();
+    }
+
+    /**
+     * Return the security level required by write operations.
+     * @return The security level of the write operations.
+     */
+    Security_t getWriteSecurityRequirement() const
+    {
+        return static_cast<Security_t::type>(_write_security);
+    }
+
 private:
     /**
      * Characteristic's UUID.
@@ -230,15 +312,35 @@ class GattAttribute {
      */
     uint16_t _len;
 
+    /**
+     * The attribute's handle in the ATT table.
+     */
+    Handle_t _handle;
+
     /**
      * Whether the length of the value can change throughout time.
      */
     bool _hasVariableLen;
 
     /**
-     * The attribute's handle in the ATT table.
+     * Whether read is allowed or not.
      */
-    Handle_t _handle;
+    uint8_t _read_allowed:1;
+
+    /**
+     * Security applied to the read operation.
+     */
+    uint8_t _read_security: Security_t::size;
+
+    /**
+     * Whether write is allowed or not.
+     */
+    uint8_t _write_allowed:1;
+
+    /**
+     * Security applied to the write operation.
+     */
+    uint8_t _write_security: Security_t::size;
 
 private:
     /* Disallow copy and assignment. */