Nordic Semiconductor
Nordic stack and drivers for the mbed BLE API
Dependents: BLE_ANCS_SDAPI BLE_temperature BLE_HeartRate writable_gatt ... more
Diff: TARGET_NRF5/source/nRF5xSecurityManager.h
- Revision:
- 638:c90ae1400bf2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/TARGET_NRF5/source/nRF5xSecurityManager.h Wed Sep 14 14:39:43 2016 +0100
@@ -0,0 +1,174 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2006-2013 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __NRF51822_SECURITY_MANAGER_H__
+#define __NRF51822_SECURITY_MANAGER_H__
+
+#include <stddef.h>
+
+#include "nRF5xGap.h"
+#include "ble/SecurityManager.h"
+#include "btle_security.h"
+
+class nRF5xSecurityManager : public SecurityManager
+{
+public:
+ /* Functions that must be implemented from SecurityManager */
+ virtual ble_error_t init(bool enableBonding,
+ bool requireMITM,
+ SecurityIOCapabilities_t iocaps,
+ const Passkey_t passkey) {
+ return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey);
+ }
+
+ virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) {
+ return btle_getLinkSecurity(connectionHandle, securityStatusP);
+ }
+
+ virtual ble_error_t setLinkSecurity(Gap::Handle_t connectionHandle, SecurityMode_t securityMode) {
+ return btle_setLinkSecurity(connectionHandle, securityMode);
+ }
+
+ virtual ble_error_t purgeAllBondingState(void) {
+ return btle_purgeAllBondingState();
+ }
+
+ /**
+ * @brief Returns a list of addresses from peers in the stacks bond table.
+ *
+ * @param[in/out] addresses
+ * (on input) @ref Gap::Whitelist_t structure where at
+ * most addresses.capacity addresses from bonded peers will
+ * be stored.
+ * (on output) A copy of the addresses from bonded peers.
+ *
+ * @return
+ * BLE_ERROR_NONE if successful.
+ */
+ virtual ble_error_t getAddressesFromBondTable(Gap::Whitelist_t &addresses) const {
+ uint8_t i;
+
+ ble_gap_whitelist_t whitelistFromBondTable;
+ ble_gap_addr_t *addressPtr[YOTTA_CFG_WHITELIST_MAX_SIZE];
+ ble_gap_irk_t *irkPtr[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
+
+ /* Initialize the structure so that we get as many addreses as the whitelist can hold */
+ whitelistFromBondTable.addr_count = YOTTA_CFG_IRK_TABLE_MAX_SIZE;
+ whitelistFromBondTable.pp_addrs = addressPtr;
+ whitelistFromBondTable.irk_count = YOTTA_CFG_IRK_TABLE_MAX_SIZE;
+ whitelistFromBondTable.pp_irks = irkPtr;
+
+ ble_error_t error = createWhitelistFromBondTable(whitelistFromBondTable);
+ if (error != BLE_ERROR_NONE) {
+ addresses.size = 0;
+ return error;
+ }
+
+ /* Put all the addresses in the structure */
+ for (i = 0; i < whitelistFromBondTable.addr_count; ++i) {
+ if (i >= addresses.capacity) {
+ /* Ran out of space in the output Gap::Whitelist_t */
+ addresses.size = i;
+ return BLE_ERROR_NONE;
+ }
+ memcpy(&addresses.addresses[i], whitelistFromBondTable.pp_addrs[i], sizeof(BLEProtocol::Address_t));
+ }
+
+ /* Update the current address count */
+ addresses.size = i;
+
+ /* The assumption here is that the underlying implementation of
+ * createWhitelistFromBondTable() will not return the private resolvable
+ * addresses (which is the case in the SoftDevice). Rather it returns the
+ * IRKs, so we need to generate the private resolvable address by ourselves.
+ */
+ for (i = 0; i < whitelistFromBondTable.irk_count; ++i) {
+ if (i + addresses.size >= addresses.capacity) {
+ /* Ran out of space in the output Gap::Whitelist_t */
+ addresses.size += i;
+ return BLE_ERROR_NONE;
+ }
+ btle_generateResolvableAddress(
+ *whitelistFromBondTable.pp_irks[i],
+ (ble_gap_addr_t &) addresses.addresses[i + addresses.size]
+ );
+ }
+
+ /* Update the current address count */
+ addresses.size += i;
+
+ return BLE_ERROR_NONE;
+ }
+
+ /**
+ * @brief Clear nRF5xSecurityManager's state.
+ *
+ * @return
+ * BLE_ERROR_NONE if successful.
+ */
+ virtual ble_error_t reset(void)
+ {
+ if (SecurityManager::reset() != BLE_ERROR_NONE) {
+ return BLE_ERROR_INVALID_STATE;
+ }
+
+ return BLE_ERROR_NONE;
+ }
+
+ bool hasInitialized(void) const {
+ return btle_hasInitializedSecurity();
+ }
+
+public:
+ /*
+ * Allow instantiation from nRF5xn when required.
+ */
+ friend class nRF5xn;
+
+ nRF5xSecurityManager() {
+ /* empty */
+ }
+
+private:
+ nRF5xSecurityManager(const nRF5xSecurityManager &);
+ const nRF5xSecurityManager& operator=(const nRF5xSecurityManager &);
+
+ /*
+ * Expose an interface that allows us to query the SoftDevice bond table
+ * and extract a whitelist.
+ */
+ ble_error_t createWhitelistFromBondTable(ble_gap_whitelist_t &whitelistFromBondTable) const {
+ return btle_createWhitelistFromBondTable(&whitelistFromBondTable);
+ }
+
+ /*
+ * Given a BLE address and a IRK this function check whether the address
+ * can be generated from the IRK. To do so, this function uses the hash
+ * function and algorithm described in the Bluetooth low Energy
+ * Specification. Internally, Nordic SDK functions are used.
+ */
+ bool matchAddressAndIrk(ble_gap_addr_t *address, ble_gap_irk_t *irk) const {
+ return btle_matchAddressAndIrk(address, irk);
+ }
+
+ /*
+ * Give nRF5xGap access to createWhitelistFromBondTable() and
+ * matchAddressAndIrk()
+ */
+ friend class nRF5xGap;
+};
+
+#endif // ifndef __NRF51822_SECURITY_MANAGER_H__
