nRF5xSecurityManager.h

00001 /* mbed Microcontroller Library
00002  * Copyright (c) 2006-2013 ARM Limited
00003  *
00004  * Licensed under the Apache License, Version 2.0 (the "License");
00005  * you may not use this file except in compliance with the License.
00006  * You may obtain a copy of the License at
00007  *
00008  *     http://www.apache.org/licenses/LICENSE-2.0
00009  *
00010  * Unless required by applicable law or agreed to in writing, software
00011  * distributed under the License is distributed on an "AS IS" BASIS,
00012  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00013  * See the License for the specific language governing permissions and
00014  * limitations under the License.
00015  */
00016 
00017 #ifndef __NRF51822_SECURITY_MANAGER_H__
00018 #define __NRF51822_SECURITY_MANAGER_H__
00019 
00020 #include <stddef.h>
00021 
00022 #include "nRF5xGap.h"
00023 #include "ble/SecurityManager.h"
00024 #include "btle_security.h"
00025 
00026 class nRF5xSecurityManager : public SecurityManager
00027 {
00028 public:
00029     /* Functions that must be implemented from SecurityManager */
00030     virtual ble_error_t init(bool                     enableBonding,
00031                              bool                     requireMITM,
00032                              SecurityIOCapabilities_t iocaps,
00033                              const Passkey_t          passkey) {
00034         return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey);
00035     }
00036 
00037     virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) {
00038         return btle_getLinkSecurity(connectionHandle, securityStatusP);
00039     }
00040 
00041     virtual ble_error_t setLinkSecurity(Gap::Handle_t connectionHandle, SecurityMode_t securityMode) {
00042         return btle_setLinkSecurity(connectionHandle, securityMode);
00043     }
00044 
00045     virtual ble_error_t purgeAllBondingState(void) {
00046         return btle_purgeAllBondingState();
00047     }
00048 
00049     /**
00050      * @brief  Returns a list of addresses from peers in the stacks bond table.
00051      *
00052      * @param[in/out]   addresses
00053      *                  (on input) @ref Gap::Whitelist_t structure where at
00054      *                  most addresses.capacity addresses from bonded peers will
00055      *                  be stored.
00056      *                  (on output) A copy of the addresses from bonded peers.
00057      *
00058      * @return
00059      *           BLE_ERROR_NONE if successful.
00060      */
00061     virtual ble_error_t getAddressesFromBondTable(Gap::Whitelist_t &addresses) const {
00062         uint8_t i;
00063 
00064         ble_gap_whitelist_t  whitelistFromBondTable;
00065         ble_gap_addr_t      *addressPtr[YOTTA_CFG_WHITELIST_MAX_SIZE];
00066         ble_gap_irk_t       *irkPtr[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
00067 
00068         /* Initialize the structure so that we get as many addreses as the whitelist can hold */
00069         whitelistFromBondTable.addr_count = YOTTA_CFG_IRK_TABLE_MAX_SIZE;
00070         whitelistFromBondTable.pp_addrs   = addressPtr;
00071         whitelistFromBondTable.irk_count  = YOTTA_CFG_IRK_TABLE_MAX_SIZE;
00072         whitelistFromBondTable.pp_irks    = irkPtr;
00073 
00074         ble_error_t error = createWhitelistFromBondTable(whitelistFromBondTable);
00075         if (error != BLE_ERROR_NONE) {
00076             addresses.size = 0;
00077             return error;
00078         }
00079 
00080         /* Put all the addresses in the structure */
00081         for (i = 0; i < whitelistFromBondTable.addr_count; ++i) {
00082             if (i >= addresses.capacity) {
00083                 /* Ran out of space in the output Gap::Whitelist_t */
00084                 addresses.size = i;
00085                 return BLE_ERROR_NONE;
00086             }
00087             memcpy(&addresses.addresses[i], whitelistFromBondTable.pp_addrs[i], sizeof(BLEProtocol::Address_t));
00088         }
00089 
00090         /* Update the current address count */
00091         addresses.size = i;
00092 
00093         /* The assumption here is that the underlying implementation of
00094          * createWhitelistFromBondTable()  will not return the private resolvable
00095          * addresses (which is the case in the SoftDevice). Rather it returns the
00096          * IRKs, so we need to generate the private resolvable address by ourselves.
00097          */
00098         for (i = 0; i < whitelistFromBondTable.irk_count; ++i) {
00099             if (i + addresses.size >= addresses.capacity) {
00100                 /* Ran out of space in the output Gap::Whitelist_t */
00101                 addresses.size += i;
00102                 return BLE_ERROR_NONE;
00103             }
00104             btle_generateResolvableAddress(
00105                 *whitelistFromBondTable.pp_irks[i],
00106                 (ble_gap_addr_t &) addresses.addresses[i + addresses.size]
00107             );
00108         }
00109 
00110         /* Update the current address count */
00111         addresses.size += i;
00112 
00113         return BLE_ERROR_NONE;
00114     }
00115 
00116     /**
00117      * @brief  Clear nRF5xSecurityManager's state.
00118      *
00119      * @return
00120      *           BLE_ERROR_NONE if successful.
00121      */
00122     virtual ble_error_t reset(void)
00123     {
00124         if (SecurityManager::reset() != BLE_ERROR_NONE) {
00125             return BLE_ERROR_INVALID_STATE;
00126         }
00127 
00128         return BLE_ERROR_NONE;
00129     }
00130 
00131     bool hasInitialized(void) const {
00132         return btle_hasInitializedSecurity();
00133     }
00134 
00135 public:
00136     /*
00137      * Allow instantiation from nRF5xn when required.
00138      */
00139     friend class nRF5xn;
00140 
00141     nRF5xSecurityManager() {
00142         /* empty */
00143     }
00144 
00145 private:
00146     nRF5xSecurityManager(const nRF5xSecurityManager &);
00147     const nRF5xSecurityManager& operator=(const nRF5xSecurityManager &);
00148 
00149     /*
00150      * Expose an interface that allows us to query the SoftDevice bond table
00151      * and extract a whitelist.
00152      */
00153     ble_error_t createWhitelistFromBondTable(ble_gap_whitelist_t &whitelistFromBondTable) const {
00154         return btle_createWhitelistFromBondTable(&whitelistFromBondTable);
00155     }
00156 
00157     /*
00158      * Given a BLE address and a IRK this function check whether the address
00159      * can be generated from the IRK. To do so, this function uses the hash
00160      * function and algorithm described in the Bluetooth low Energy
00161      * Specification. Internally, Nordic SDK functions are used.
00162      */
00163     bool matchAddressAndIrk(ble_gap_addr_t *address, ble_gap_irk_t *irk) const {
00164         return btle_matchAddressAndIrk(address, irk);
00165     }
00166 
00167     /*
00168      * Give nRF5xGap access to createWhitelistFromBondTable() and
00169      * matchAddressAndIrk()
00170      */
00171     friend class nRF5xGap;
00172 };
00173 
00174 #endif // ifndef __NRF51822_SECURITY_MANAGER_H__