Glimworm Beacons
/
nRF51822
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of
nRF51822
by 
Nordic Semiconductor
Embed:
(wiki syntax)
Show/hide line numbers
btle_security.cpp
00001 /* mbed Microcontroller Library 00002 * Copyright (c) 2006-2013 ARM Limited 00003 * 00004 * Licensed under the Apache License, Version 2.0 (the "License"); 00005 * you may not use this file except in compliance with the License. 00006 * You may obtain a copy of the License at 00007 * 00008 * http://www.apache.org/licenses/LICENSE-2.0 00009 * 00010 * Unless required by applicable law or agreed to in writing, software 00011 * distributed under the License is distributed on an "AS IS" BASIS, 00012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00013 * See the License for the specific language governing permissions and 00014 * limitations under the License. 00015 */ 00016 00017 #include "btle.h" 00018 #include "pstorage.h " 00019 00020 #include "nRF5xGap.h" 00021 #include "nRF5xSecurityManager.h" 00022 00023 #include "device_manager.h " 00024 #include "btle_security.h" 00025 00026 static dm_application_instance_t applicationInstance; 00027 static ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result); 00028 00029 ble_error_t 00030 btle_initializeSecurity(bool enableBonding, 00031 bool requireMITM, 00032 SecurityManager::SecurityIOCapabilities_t iocaps, 00033 const SecurityManager::Passkey_t passkey) 00034 { 00035 /* guard against multiple initializations */ 00036 static bool initialized = false; 00037 if (initialized) { 00038 return BLE_ERROR_NONE; 00039 } 00040 00041 if (pstorage_init() != NRF_SUCCESS) { 00042 return BLE_ERROR_UNSPECIFIED; 00043 } 00044 00045 ret_code_t rc; 00046 if (passkey) { 00047 ble_opt_t opts; 00048 opts.gap_opt.passkey.p_passkey = const_cast<uint8_t *>(passkey); 00049 if ((rc = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &opts)) != NRF_SUCCESS) { 00050 switch (rc) { 00051 case BLE_ERROR_INVALID_CONN_HANDLE: 00052 case NRF_ERROR_INVALID_ADDR: 00053 case NRF_ERROR_INVALID_PARAM: 00054 default: 00055 return BLE_ERROR_INVALID_PARAM; 00056 case NRF_ERROR_INVALID_STATE: 00057 return BLE_ERROR_INVALID_STATE; 00058 case NRF_ERROR_BUSY: 00059 return BLE_STACK_BUSY; 00060 } 00061 } 00062 } 00063 00064 dm_init_param_t dm_init_param = { 00065 .clear_persistent_data = false /* Set to true in case the module should clear all persistent data. */ 00066 }; 00067 if (dm_init(&dm_init_param) != NRF_SUCCESS) { 00068 return BLE_ERROR_UNSPECIFIED; 00069 } 00070 00071 const dm_application_param_t dm_param = { 00072 .evt_handler = dm_handler, 00073 .service_type = DM_PROTOCOL_CNTXT_GATT_CLI_ID, 00074 .sec_param = { 00075 .bond = enableBonding,/**< Perform bonding. */ 00076 .mitm = requireMITM, /**< Man In The Middle protection required. */ 00077 .io_caps = iocaps, /**< IO capabilities, see @ref BLE_GAP_IO_CAPS. */ 00078 .oob = 0, /**< Out Of Band data available. */ 00079 .min_key_size = 16, /**< Minimum encryption key size in octets between 7 and 16. If 0 then not applicable in this instance. */ 00080 .max_key_size = 16, /**< Maximum encryption key size in octets between min_key_size and 16. */ 00081 .kdist_periph = { 00082 .enc = 1, /**< Long Term Key and Master Identification. */ 00083 .id = 1, /**< Identity Resolving Key and Identity Address Information. */ 00084 .sign = 1, /**< Connection Signature Resolving Key. */ 00085 }, /**< Key distribution bitmap: keys that the peripheral device will distribute. */ 00086 } 00087 }; 00088 00089 if ((rc = dm_register(&applicationInstance, &dm_param)) != NRF_SUCCESS) { 00090 switch (rc) { 00091 case NRF_ERROR_INVALID_STATE: 00092 return BLE_ERROR_INVALID_STATE; 00093 case NRF_ERROR_NO_MEM: 00094 return BLE_ERROR_NO_MEM; 00095 default: 00096 return BLE_ERROR_UNSPECIFIED; 00097 } 00098 } 00099 00100 initialized = true; 00101 return BLE_ERROR_NONE; 00102 } 00103 00104 ble_error_t 00105 btle_purgeAllBondingState(void) 00106 { 00107 ret_code_t rc; 00108 if ((rc = dm_device_delete_all(&applicationInstance)) == NRF_SUCCESS) { 00109 return BLE_ERROR_NONE; 00110 } 00111 00112 switch (rc) { 00113 case NRF_ERROR_INVALID_STATE: 00114 return BLE_ERROR_INVALID_STATE; 00115 case NRF_ERROR_NO_MEM: 00116 return BLE_ERROR_NO_MEM; 00117 default: 00118 return BLE_ERROR_UNSPECIFIED; 00119 } 00120 } 00121 00122 ble_error_t 00123 btle_getLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::LinkSecurityStatus_t *securityStatusP) 00124 { 00125 ret_code_t rc; 00126 dm_handle_t dmHandle = { 00127 .appl_id = applicationInstance, 00128 }; 00129 if ((rc = dm_handle_get(connectionHandle, &dmHandle)) != NRF_SUCCESS) { 00130 if (rc == NRF_ERROR_NOT_FOUND) { 00131 return BLE_ERROR_INVALID_PARAM; 00132 } else { 00133 return BLE_ERROR_UNSPECIFIED; 00134 } 00135 } 00136 00137 if ((rc = dm_security_status_req(&dmHandle, reinterpret_cast<dm_security_status_t *>(securityStatusP))) != NRF_SUCCESS) { 00138 switch (rc) { 00139 case NRF_ERROR_INVALID_STATE: 00140 return BLE_ERROR_INVALID_STATE; 00141 case NRF_ERROR_NO_MEM: 00142 return BLE_ERROR_NO_MEM; 00143 default: 00144 return BLE_ERROR_UNSPECIFIED; 00145 } 00146 } 00147 00148 return BLE_ERROR_NONE; 00149 } 00150 00151 ret_code_t 00152 dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result) 00153 { 00154 switch (p_event->event_id) { 00155 case DM_EVT_SECURITY_SETUP: /* started */ { 00156 const ble_gap_sec_params_t *peerParams = &p_event->event_param.p_gap_param->params.sec_params_request.peer_params; 00157 nRF5xSecurityManager::getInstance().processSecuritySetupInitiatedEvent(p_event->event_param.p_gap_param->conn_handle, 00158 peerParams->bond, 00159 peerParams->mitm, 00160 (SecurityManager::SecurityIOCapabilities_t)peerParams->io_caps); 00161 break; 00162 } 00163 case DM_EVT_SECURITY_SETUP_COMPLETE: 00164 nRF5xSecurityManager::getInstance(). 00165 processSecuritySetupCompletedEvent(p_event->event_param.p_gap_param->conn_handle, 00166 (SecurityManager::SecurityCompletionStatus_t)(p_event->event_param.p_gap_param->params.auth_status.auth_status)); 00167 break; 00168 case DM_EVT_LINK_SECURED: { 00169 unsigned securityMode = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.sm; 00170 unsigned level = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.lv; 00171 SecurityManager::SecurityMode_t resolvedSecurityMode = SecurityManager::SECURITY_MODE_NO_ACCESS; 00172 switch (securityMode) { 00173 case 1: 00174 switch (level) { 00175 case 1: 00176 resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK; 00177 break; 00178 case 2: 00179 resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM; 00180 break; 00181 case 3: 00182 resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM; 00183 break; 00184 } 00185 break; 00186 case 2: 00187 switch (level) { 00188 case 1: 00189 resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_NO_MITM; 00190 break; 00191 case 2: 00192 resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM; 00193 break; 00194 } 00195 break; 00196 } 00197 00198 nRF5xSecurityManager::getInstance().processLinkSecuredEvent(p_event->event_param.p_gap_param->conn_handle, resolvedSecurityMode); 00199 break; 00200 } 00201 case DM_EVT_DEVICE_CONTEXT_STORED: 00202 nRF5xSecurityManager::getInstance().processSecurityContextStoredEvent(p_event->event_param.p_gap_param->conn_handle); 00203 break; 00204 default: 00205 break; 00206 } 00207 00208 return NRF_SUCCESS; 00209 }
Generated on Tue Jul 12 2022 21:00:16 by
1.7.2