test
Fork of nRF51822 by
Embed:
(wiki syntax)
Show/hide line numbers
btle_security.cpp
00001 /* mbed Microcontroller Library 00002 * Copyright (c) 2006-2013 ARM Limited 00003 * 00004 * Licensed under the Apache License, Version 2.0 (the "License"); 00005 * you may not use this file except in compliance with the License. 00006 * You may obtain a copy of the License at 00007 * 00008 * http://www.apache.org/licenses/LICENSE-2.0 00009 * 00010 * Unless required by applicable law or agreed to in writing, software 00011 * distributed under the License is distributed on an "AS IS" BASIS, 00012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00013 * See the License for the specific language governing permissions and 00014 * limitations under the License. 00015 */ 00016 00017 #include "btle.h" 00018 #include "pstorage.h " 00019 00020 #include "nRF5xGap.h" 00021 #include "nRF5xSecurityManager.h" 00022 00023 #include "device_manager.h " 00024 #include "btle_security.h" 00025 00026 static dm_application_instance_t applicationInstance; 00027 static ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result); 00028 00029 ble_error_t 00030 btle_initializeSecurity(bool enableBonding, 00031 bool requireMITM, 00032 SecurityManager::SecurityIOCapabilities_t iocaps, 00033 const SecurityManager::Passkey_t passkey) 00034 { 00035 /* guard against multiple initializations */ 00036 static bool initialized = false; 00037 if (initialized) { 00038 return BLE_ERROR_NONE; 00039 } 00040 00041 if (pstorage_init() != NRF_SUCCESS) { 00042 return BLE_ERROR_UNSPECIFIED; 00043 } 00044 00045 ret_code_t rc; 00046 if (passkey) { 00047 ble_opt_t opts; 00048 opts.gap_opt.passkey.p_passkey = const_cast<uint8_t *>(passkey); 00049 if ((rc = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &opts)) != NRF_SUCCESS) { 00050 switch (rc) { 00051 case BLE_ERROR_INVALID_CONN_HANDLE: 00052 case NRF_ERROR_INVALID_ADDR: 00053 case NRF_ERROR_INVALID_PARAM: 00054 default: 00055 return BLE_ERROR_INVALID_PARAM; 00056 case NRF_ERROR_INVALID_STATE: 00057 return BLE_ERROR_INVALID_STATE; 00058 case NRF_ERROR_BUSY: 00059 return BLE_STACK_BUSY; 00060 } 00061 } 00062 } 00063 00064 dm_init_param_t dm_init_param = { 00065 .clear_persistent_data = false /* Set to true in case the module should clear all persistent data. */ 00066 }; 00067 if (dm_init(&dm_init_param) != NRF_SUCCESS) { 00068 return BLE_ERROR_UNSPECIFIED; 00069 } 00070 00071 const dm_application_param_t dm_param = { 00072 .evt_handler = dm_handler, 00073 .service_type = DM_PROTOCOL_CNTXT_GATT_CLI_ID, 00074 .sec_param = { 00075 .bond = enableBonding,/**< Perform bonding. */ 00076 .mitm = requireMITM, /**< Man In The Middle protection required. */ 00077 .io_caps = iocaps, /**< IO capabilities, see @ref BLE_GAP_IO_CAPS. */ 00078 .oob = 0, /**< Out Of Band data available. */ 00079 .min_key_size = 16, /**< Minimum encryption key size in octets between 7 and 16. If 0 then not applicable in this instance. */ 00080 .max_key_size = 16, /**< Maximum encryption key size in octets between min_key_size and 16. */ 00081 .kdist_periph = { 00082 .enc = 1, /**< Long Term Key and Master Identification. */ 00083 .id = 1, /**< Identity Resolving Key and Identity Address Information. */ 00084 .sign = 1, /**< Connection Signature Resolving Key. */ 00085 }, /**< Key distribution bitmap: keys that the peripheral device will distribute. */ 00086 } 00087 }; 00088 00089 if ((rc = dm_register(&applicationInstance, &dm_param)) != NRF_SUCCESS) { 00090 switch (rc) { 00091 case NRF_ERROR_INVALID_STATE: 00092 return BLE_ERROR_INVALID_STATE; 00093 case NRF_ERROR_NO_MEM: 00094 return BLE_ERROR_NO_MEM; 00095 default: 00096 return BLE_ERROR_UNSPECIFIED; 00097 } 00098 } 00099 00100 initialized = true; 00101 return BLE_ERROR_NONE; 00102 } 00103 00104 ble_error_t 00105 btle_purgeAllBondingState(void) 00106 { 00107 ret_code_t rc; 00108 if ((rc = dm_device_delete_all(&applicationInstance)) == NRF_SUCCESS) { 00109 return BLE_ERROR_NONE; 00110 } 00111 00112 switch (rc) { 00113 case NRF_ERROR_INVALID_STATE: 00114 return BLE_ERROR_INVALID_STATE; 00115 case NRF_ERROR_NO_MEM: 00116 return BLE_ERROR_NO_MEM; 00117 default: 00118 return BLE_ERROR_UNSPECIFIED; 00119 } 00120 } 00121 00122 ble_error_t 00123 btle_getLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::LinkSecurityStatus_t *securityStatusP) 00124 { 00125 ret_code_t rc; 00126 dm_handle_t dmHandle = { 00127 .appl_id = applicationInstance, 00128 }; 00129 if ((rc = dm_handle_get(connectionHandle, &dmHandle)) != NRF_SUCCESS) { 00130 if (rc == NRF_ERROR_NOT_FOUND) { 00131 return BLE_ERROR_INVALID_PARAM; 00132 } else { 00133 return BLE_ERROR_UNSPECIFIED; 00134 } 00135 } 00136 00137 if ((rc = dm_security_status_req(&dmHandle, reinterpret_cast<dm_security_status_t *>(securityStatusP))) != NRF_SUCCESS) { 00138 switch (rc) { 00139 case NRF_ERROR_INVALID_STATE: 00140 return BLE_ERROR_INVALID_STATE; 00141 case NRF_ERROR_NO_MEM: 00142 return BLE_ERROR_NO_MEM; 00143 default: 00144 return BLE_ERROR_UNSPECIFIED; 00145 } 00146 } 00147 00148 return BLE_ERROR_NONE; 00149 } 00150 00151 ret_code_t 00152 dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result) 00153 { 00154 switch (p_event->event_id) { 00155 case DM_EVT_SECURITY_SETUP: /* started */ { 00156 const ble_gap_sec_params_t *peerParams = &p_event->event_param.p_gap_param->params.sec_params_request.peer_params; 00157 nRF5xSecurityManager::getInstance().processSecuritySetupInitiatedEvent(p_event->event_param.p_gap_param->conn_handle, 00158 peerParams->bond, 00159 peerParams->mitm, 00160 (SecurityManager::SecurityIOCapabilities_t)peerParams->io_caps); 00161 break; 00162 } 00163 case DM_EVT_SECURITY_SETUP_COMPLETE: 00164 nRF5xSecurityManager::getInstance(). 00165 processSecuritySetupCompletedEvent(p_event->event_param.p_gap_param->conn_handle, 00166 (SecurityManager::SecurityCompletionStatus_t)(p_event->event_param.p_gap_param->params.auth_status.auth_status)); 00167 break; 00168 case DM_EVT_LINK_SECURED: { 00169 unsigned securityMode = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.sm; 00170 unsigned level = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.lv; 00171 SecurityManager::SecurityMode_t resolvedSecurityMode = SecurityManager::SECURITY_MODE_NO_ACCESS; 00172 switch (securityMode) { 00173 case 1: 00174 switch (level) { 00175 case 1: 00176 resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK; 00177 break; 00178 case 2: 00179 resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM; 00180 break; 00181 case 3: 00182 resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM; 00183 break; 00184 } 00185 break; 00186 case 2: 00187 switch (level) { 00188 case 1: 00189 resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_NO_MITM; 00190 break; 00191 case 2: 00192 resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM; 00193 break; 00194 } 00195 break; 00196 } 00197 00198 nRF5xSecurityManager::getInstance().processLinkSecuredEvent(p_event->event_param.p_gap_param->conn_handle, resolvedSecurityMode); 00199 break; 00200 } 00201 case DM_EVT_DEVICE_CONTEXT_STORED: 00202 nRF5xSecurityManager::getInstance().processSecurityContextStoredEvent(p_event->event_param.p_gap_param->conn_handle); 00203 break; 00204 default: 00205 break; 00206 } 00207 00208 return NRF_SUCCESS; 00209 }
Generated on Tue Jul 12 2022 21:00:16 by 1.7.2