Add asynchronous client secure

* Adds parameter `rc` to `NimBLEDevice::startSecurity`, default value works as the original method.
* * `rc`: if not nullptr, will allow caller to obtain the internal return code.
* Adds parameter `async` to `NimBLEClient::secureConnection`, default value works as the original method.
* * `async`; if true, will send the secure command and return immediately with a true value for successfully sending the command, else false.

Author: thekurtovic

src/NimBLEClient.cpp

@@ -66,6 +66,7 @@ NimBLEClient::NimBLEClient(const NimBLEAddress& peerAddress)
       m_deleteCallbacks{false},
       m_connEstablished{false},
       m_asyncConnect{false},
+      m_asyncSecure{false},
       m_exchangeMTU{true},
 # if CONFIG_BT_NIMBLE_EXT_ADV
       m_phyMask{BLE_GAP_LE_PHY_1M_MASK | BLE_GAP_LE_PHY_2M_MASK | BLE_GAP_LE_PHY_CODED_MASK},
@@ -313,16 +314,42 @@ bool NimBLEClient::connect(const NimBLEAddress& address, bool deleteAttributes,
  * @return True on success.
  * @details This is a blocking function and should not be used in a callback.
  */
-bool NimBLEClient::secureConnection() const {
+bool NimBLEClient::secureConnection(bool async) {
     NIMBLE_LOGD(LOG_TAG, ">> secureConnection()");
 
+    if (!NimBLEDevice::m_synced) {
+        NIMBLE_LOGE(LOG_TAG, "Host reset, wait for sync.");
+        return false;
+    }
+
+    if (NimBLEDevice::isSecureInProgress()) {
+        NIMBLE_LOGE(LOG_TAG, "Secure already in progress");
+        return false;
+    }
+
+    m_asyncSecure = async;
+
+    // Set the secure in progress flag to prevent a scan from starting while securing.
+    NimBLEDevice::setSecureInProgress(true);
+
+    int rc = 0;
+    if (!NimBLEDevice::startSecurity(m_connHandle, &rc)) {
+        m_lastErr = rc;
+        m_asyncSecure = false;
+        NimBLEDevice::setSecureInProgress(false);
+        NIMBLE_LOGE(LOG_TAG, "secureConnection: failed to start rc=%d", rc);
+        return false;
+    }
+
+    if (m_asyncSecure) {
+        return true;
+    }
+
     NimBLETaskData taskData(const_cast<NimBLEClient*>(this), BLE_HS_ENOTCONN);
     m_pTaskData    = &taskData;
     int retryCount = 1;
     do {
-        if (NimBLEDevice::startSecurity(m_connHandle)) {
-            NimBLEUtils::taskWait(taskData, BLE_NPL_TIME_FOREVER);
-        }
+        NimBLEUtils::taskWait(taskData, BLE_NPL_TIME_FOREVER);
     } while (taskData.m_flags == (BLE_HS_ERR_HCI_BASE + BLE_ERR_PINKEY_MISSING) && retryCount--);
 
     m_pTaskData = nullptr;
@@ -1087,6 +1114,7 @@ int NimBLEClient::handleGapEvent(struct ble_gap_event* event, void* arg) {
                 return 0;
             }
 
+            NimBLEDevice::setSecureInProgress(false);
             if (event->enc_change.status == 0 ||
                 event->enc_change.status == (BLE_HS_ERR_HCI_BASE + BLE_ERR_PINKEY_MISSING)) {
                 NimBLEConnInfo peerInfo;

src/NimBLEClient.h

@@ -64,7 +64,7 @@ class NimBLEClient {
     bool           setConnection(uint16_t connHandle);
     uint16_t       getMTU() const;
     bool           exchangeMTU();
-    bool           secureConnection() const;
+    bool           secureConnection(bool async = false);
     void           setConnectTimeout(uint32_t timeout);
     bool           setDataLen(uint16_t txOctets);
     bool           discoverAttributes();
@@ -120,6 +120,7 @@ class NimBLEClient {
     bool                              m_deleteCallbacks;
     bool                              m_connEstablished;
     bool                              m_asyncConnect;
+    bool                              m_asyncSecure;
     bool                              m_exchangeMTU;
 # if CONFIG_BT_NIMBLE_EXT_ADV
     uint8_t m_phyMask;

src/NimBLEDevice.cpp

@@ -103,6 +103,7 @@ uint8_t                    NimBLEDevice::m_ownAddrType{BLE_OWN_ADDR_PUBLIC};
 
 # if defined(CONFIG_BT_NIMBLE_ROLE_CENTRAL) || defined(CONFIG_BT_NIMBLE_ROLE_PERIPHERAL)
 bool NimBLEDevice::m_connectionInProgress{false};
+bool NimBLEDevice::m_secureInProgress{false};
 # endif
 
 # ifdef ESP_PLATFORM
@@ -1140,13 +1141,16 @@ uint32_t NimBLEDevice::getSecurityPasskey() {
  * @param connHandle The connection handle of the peer device.
  * @returns NimBLE stack return code, 0 = success.
  */
-bool NimBLEDevice::startSecurity(uint16_t connHandle) {
-    int rc = ble_gap_security_initiate(connHandle);
-    if (rc != 0) {
-        NIMBLE_LOGE(LOG_TAG, "ble_gap_security_initiate: rc=%d %s", rc, NimBLEUtils::returnCodeToString(rc));
+bool NimBLEDevice::startSecurity(uint16_t connHandle, int *rc) {
+    int _rc = 0;
+    if (rc == nullptr)
+        rc = &_rc;
+    *rc = ble_gap_security_initiate(connHandle);
+    if (*rc != 0) {
+        NIMBLE_LOGE(LOG_TAG, "ble_gap_security_initiate: rc=%d %s", *rc, NimBLEUtils::returnCodeToString(*rc));
     }
 
-    return rc == 0 || rc == BLE_HS_EALREADY;
+    return *rc == 0 || *rc == BLE_HS_EALREADY;
 } // startSecurity
 
 /**
@@ -1268,6 +1272,23 @@ bool NimBLEDevice::isConnectionInProgress() {
     return m_connectionInProgress;
 } // isConnectionInProgress
 
+/**
+ * @brief Set the secure in progress flag.
+ * @param [in] inProgress The secure in progress flag.
+ * @details This is used to prevent a scan from starting while a secure is in progress.
+ */
+void NimBLEDevice::setSecureInProgress(bool inProgress) {
+    m_secureInProgress = inProgress;
+} // setSecureInProgress
+
+/**
+ * @brief Check if a secure is in progress.
+ * @return True if a secure is in progress.
+ */
+bool NimBLEDevice::isSecureInProgress() {
+    return m_secureInProgress;
+} // isSecureInProgress
+
 /**
  * @brief Return a string representation of the address of this device.
  * @return A string representation of this device address.

src/NimBLEDevice.h

@@ -129,7 +129,7 @@ class NimBLEDevice {
     static void          setSecurityRespKey(uint8_t respKey);
     static void          setSecurityPasskey(uint32_t passKey);
     static uint32_t      getSecurityPasskey();
-    static bool          startSecurity(uint16_t connHandle);
+    static bool          startSecurity(uint16_t connHandle, int *rc = nullptr);
     static bool          setMTU(uint16_t mtu);
     static uint16_t      getMTU();
     static bool          isIgnored(const NimBLEAddress& address);
@@ -186,6 +186,8 @@ class NimBLEDevice {
     static NimBLEAddress getBondedAddress(int index);
     static void          setConnectionInProgress(bool inProgress);
     static bool          isConnectionInProgress();
+    static void          setSecureInProgress(bool inProgress);
+    static bool          isSecureInProgress();
 # endif
 
   private:
@@ -199,6 +201,7 @@ class NimBLEDevice {
 
 # if defined(CONFIG_BT_NIMBLE_ROLE_CENTRAL) || defined(CONFIG_BT_NIMBLE_ROLE_PERIPHERAL)
     static bool m_connectionInProgress;
+    static bool m_secureInProgress;
 # endif
 
 # if defined(CONFIG_BT_NIMBLE_ROLE_OBSERVER)

src/NimBLERemoteValueAttribute.cpp

@@ -19,7 +19,7 @@ const char* LOG_TAG = "NimBLERemoteValueAttribute";
 bool NimBLERemoteValueAttribute::writeValue(const uint8_t* data, size_t length, bool response) const {
     NIMBLE_LOGD(LOG_TAG, ">> writeValue()");
 
-    const NimBLEClient* pClient    = getClient();
+    NimBLEClient*       pClient    = getClient();
     int                 retryCount = 1;
     int                 rc         = 0;
     uint16_t            mtu        = pClient->getMTU() - 3;
@@ -109,7 +109,7 @@ NimBLEAttValue NimBLERemoteValueAttribute::readValue(time_t* timestamp) const {
     NIMBLE_LOGD(LOG_TAG, ">> readValue()");
 
     NimBLEAttValue      value{};
-    const NimBLEClient* pClient    = getClient();
+    NimBLEClient*       pClient    = getClient();
     int                 rc         = 0;
     int                 retryCount = 1;
     NimBLETaskData      taskData(const_cast<NimBLERemoteValueAttribute*>(this), 0, &value);

src/NimBLEScan.cpp

@@ -291,8 +291,8 @@ bool NimBLEScan::isScanning() {
 bool NimBLEScan::start(uint32_t duration, bool is_continue) {
     NIMBLE_LOGD(LOG_TAG, ">> start: duration=%" PRIu32, duration);
 
-    if (NimBLEDevice::isConnectionInProgress()) {
-        NIMBLE_LOGE(LOG_TAG, "Connection in progress, cannot start scan");
+    if (NimBLEDevice::isConnectionInProgress() || NimBLEDevice::isSecureInProgress()) {
+        NIMBLE_LOGE(LOG_TAG, "Connection/Secure in progress, cannot start scan");
         return false;
     }