| // Copyright 2022 Google LLC |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // https://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| syntax = "proto3"; |
| |
| option java_outer_classname = "SecurityProto"; |
| |
| package pandora; |
| |
| import "google/protobuf/empty.proto"; |
| import "google/protobuf/wrappers.proto"; |
| import "pandora/host.proto"; |
| |
| // Service to trigger Bluetooth Host security pairing procedures. |
| service Security { |
| // Listen to pairing events. |
| // This is handled independently from connections for several reasons: |
| // - Pairing can be triggered at any time and multiple times during the |
| // lifetime of a connection (this also explains why this is a stream). |
| // - In BR/EDR, the specification allows for a device to authenticate before |
| // connecting when in security mode 3 (link level enforced security). |
| rpc OnPairing(stream PairingEventAnswer) returns (stream PairingEvent); |
| // Secure (i.e. authenticate and/or encrypt) a connection with a specific |
| // security level to reach. Pairing events shall be handled through `OnPairing` |
| // if a corresponding stream has been opened prior to this call, otherwise, they |
| // shall be automatically confirmed by the host. |
| // If authentication and/or encryption procedures necessary to reach the |
| // desired security level have already been triggered before (typically as |
| // part of the connection establishment), this shall not trigger them again |
| // and only wait for the desired security level to be reached. If the desired |
| // security level has already been reached, this shall return immediately. |
| // Note: During the entire life of a connection, the security level can only |
| // be upgraded, see `SecurityLevel` and `LESecurityLevel` enumerable for |
| // details about each security level. |
| rpc Secure(SecureRequest) returns (SecureResponse); |
| // Wait for a specific connection security level to be reached. Events may |
| // be streamed through `OnPairing` if running, otherwise the host shall |
| // automatically confirm. |
| rpc WaitSecurity(WaitSecurityRequest) returns (WaitSecurityResponse); |
| } |
| |
| // Service to trigger Bluetooth Host security persistent storage procedures. |
| service SecurityStorage { |
| // Return whether or not a bond exists for a connection in the host |
| // persistent storage. |
| rpc IsBonded(IsBondedRequest) returns (google.protobuf.BoolValue); |
| // Remove a bond for a connection, if exists, from the host |
| // persistent storage. |
| rpc DeleteBond(DeleteBondRequest) returns (google.protobuf.Empty); |
| } |
| |
| // BR/EDR pairing security levels. |
| enum SecurityLevel { |
| // Level 0, for services with the following attributes: |
| // - Authentication of the remote device not required. |
| // - MITM protection not required. |
| // - No encryption required. |
| // - No user interaction required. |
| // |
| // No security. |
| // Permitted only for SDP and service data sent via either L2CAP fixed |
| // signaling channels or the L2CAP connection-less channel to PSMs that |
| // correspond to service class UUIDs which are allowed to utilize Level 0. |
| LEVEL0 = 0; |
| // Level 1, for services with the following attributes: |
| // - Authentication of the remote device required when encryption is enabled. |
| // - MITM protection not required. |
| // - Encryption not necessary. |
| // - At least 56-bit equivalent strength for encryption key when encryption is |
| // enabled should be used. |
| // - Minimal user interaction desired. |
| // |
| // Low security level. |
| LEVEL1 = 1; |
| // Level 2, for services with the following attributes: |
| // - Authentication of the remote device required. |
| // - MITM protection not required. |
| // - Encryption required. |
| // - At least 56-bit equivalent strength for encryption key should be used. |
| // |
| // Medium security level. |
| LEVEL2 = 2; |
| // Level 3, for services with the following attributes: |
| // - Authentication of the remote device required. |
| // - MITM protection required. |
| // - Encryption required. |
| // - At least 56-bit equivalent strength for encryption key should be used. |
| // - User interaction acceptable. |
| // |
| // High security. |
| LEVEL3 = 3; |
| // Level 4, for services with the following attributes: |
| // - Authentication of the remote device required. |
| // - MITM protection required. |
| // - Encryption required. |
| // - 128-bit equivalent strength for link and encryption keys required using FIPS |
| // approved algorithms (E0 not allowed, SAFER+ not allowed, and P-192 not |
| // allowed; encryption key not shortened). |
| // - User interaction acceptable. |
| // |
| // Highest security level. |
| // Only possible when both devices support Secure Connections. |
| LEVEL4 = 4; |
| } |
| |
| // Low Energy pairing security levels. |
| enum LESecurityLevel { |
| // No security (No authentication and no encryption). |
| LE_LEVEL1 = 0; |
| // Unauthenticated pairing with encryption. |
| LE_LEVEL2 = 1; |
| // Authenticated pairing with encryption. |
| LE_LEVEL3 = 2; |
| // Authenticated LE Secure Connections pairing with encryption using a 128- |
| // bit strength encryption key. |
| LE_LEVEL4 = 3; |
| } |
| |
| message PairingEvent { |
| // Pairing event remote device. |
| oneof remote { |
| // BR/EDR only. Used when a pairing event is received before the connection |
| // being complete: when the remote controller is set in security mode 3, |
| // it shall automatically pair with the remote device before notifying |
| // the host for a connection complete. |
| bytes address = 1; |
| // BR/EDR or Low Energy connection. |
| Connection connection = 2; |
| } |
| // Pairing method used for this pairing event. |
| oneof method { |
| // "Just Works" SSP / LE pairing association |
| // model. Confirmation is automatic. |
| google.protobuf.Empty just_works = 3; |
| // Numeric Comparison SSP / LE pairing association |
| // model. Confirmation is required. |
| uint32 numeric_comparison = 4; |
| // Passkey Entry SSP / LE pairing association model. |
| // Passkey is typed by the user. |
| // Only for LE legacy pairing or on devices without a display. |
| google.protobuf.Empty passkey_entry_request = 5; |
| // Passkey Entry SSP / LE pairing association model. |
| // Passkey is shown to the user. |
| // The peer device receives a Passkey Entry request. |
| uint32 passkey_entry_notification = 6; |
| // Legacy PIN Pairing. |
| // A PIN Code is typed by the user on IUT. |
| google.protobuf.Empty pin_code_request = 7; |
| // Legacy PIN Pairing. |
| // We generate a PIN code, and the user enters it in the peer |
| // device. While this is not part of the specification, some display |
| // devices automatically generate their PIN Code, instead of asking the |
| // user to type it. |
| bytes pin_code_notification = 8; |
| } |
| } |
| |
| message PairingEventAnswer { |
| // Received pairing event. |
| PairingEvent event = 1; |
| // Answer when needed to the pairing event method. |
| oneof answer { |
| // Numeric Comparison confirmation. |
| // Used when pairing event method is `numeric_comparison` or `just_works`. |
| bool confirm = 2; |
| // Passkey typed by the user. |
| // Used when pairing event method is `passkey_entry_request`. |
| uint32 passkey = 3; |
| // Pin typed by the user. |
| // Used when pairing event method is `pin_code_request`. |
| bytes pin = 4; |
| }; |
| } |
| |
| // Request of the `Secure` method. |
| message SecureRequest { |
| // Peer connection to secure. |
| Connection connection = 1; |
| // Security level to wait for. |
| oneof level { |
| // BR/EDR (classic) level. |
| SecurityLevel classic = 2; |
| // Low Energy level. |
| LESecurityLevel le = 3; |
| } |
| } |
| |
| // Response of the `Secure` method. |
| message SecureResponse { |
| // Response result. |
| oneof result { |
| // `Secure` completed successfully. |
| google.protobuf.Empty success = 1; |
| // `Secure` was unable to reach the desired security level. |
| google.protobuf.Empty not_reached = 2; |
| // Connection died before completion. |
| google.protobuf.Empty connection_died = 3; |
| // Pairing failure error. |
| google.protobuf.Empty pairing_failure = 4; |
| // Authentication failure error. |
| google.protobuf.Empty authentication_failure = 5; |
| // Encryption failure error. |
| google.protobuf.Empty encryption_failure = 6; |
| } |
| } |
| |
| // Request of the `WaitSecurity` method. |
| message WaitSecurityRequest { |
| // Peer connection to wait security level to be reached. |
| Connection connection = 1; |
| // Security level to wait for. |
| oneof level { |
| // BR/EDR (classic) level. |
| SecurityLevel classic = 2; |
| // Low Energy level. |
| LESecurityLevel le = 3; |
| } |
| } |
| |
| // Response of the `WaitSecurity` method. |
| message WaitSecurityResponse { |
| // Response result. |
| oneof result { |
| // `WaitSecurity` completed successfully. |
| google.protobuf.Empty success = 1; |
| // Connection died before completion. |
| google.protobuf.Empty connection_died = 2; |
| // Pairing failure error. |
| google.protobuf.Empty pairing_failure = 3; |
| // Authentication failure error. |
| google.protobuf.Empty authentication_failure = 4; |
| // Encryption failure error. |
| google.protobuf.Empty encryption_failure = 5; |
| } |
| } |
| |
| // Request of the `IsBonded` method. |
| message IsBondedRequest { |
| oneof address { |
| // Public device address. |
| bytes public = 1; |
| // Random device address. |
| bytes random = 2; |
| } |
| } |
| |
| // Request of the `DeleteBond` method. |
| message DeleteBondRequest { |
| oneof address { |
| // Public device address. |
| bytes public = 1; |
| // Random device address. |
| bytes random = 2; |
| } |
| } |