Junichi Katsu / nRF51822

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependencies:   nrf51-sdk

Dependents:   microbit-dal

Fork of nRF51822 by Lancaster University

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers nRF5xSecurityManager.h Source File

nRF5xSecurityManager.h

00001 /* mbed Microcontroller Library
00002  * Copyright (c) 2006-2013 ARM Limited
00003  *
00004  * Licensed under the Apache License, Version 2.0 (the "License");
00005  * you may not use this file except in compliance with the License.
00006  * You may obtain a copy of the License at
00007  *
00008  *     http://www.apache.org/licenses/LICENSE-2.0
00009  *
00010  * Unless required by applicable law or agreed to in writing, software
00011  * distributed under the License is distributed on an "AS IS" BASIS,
00012  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00013  * See the License for the specific language governing permissions and
00014  * limitations under the License.
00015  */
00016 
00017 #ifndef __NRF51822_SECURITY_MANAGER_H__
00018 #define __NRF51822_SECURITY_MANAGER_H__
00019 
00020 #include <stddef.h>
00021 
00022 #include "nRF5xGap.h"
00023 #include "ble/SecurityManager.h"
00024 #include "btle_security.h"
00025 
00026 class nRF5xSecurityManager : public SecurityManager
00027 {
00028 public:
00029     /* Functions that must be implemented from SecurityManager */
00030     virtual ble_error_t init(bool                     enableBonding,
00031                              bool                     requireMITM,
00032                              SecurityIOCapabilities_t iocaps,
00033                              const Passkey_t          passkey) {
00034         return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey);
00035     }
00036 
00037     virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) {
00038         return btle_getLinkSecurity(connectionHandle, securityStatusP);
00039     }
00040 
00041     virtual ble_error_t setLinkSecurity(Gap::Handle_t connectionHandle, SecurityMode_t securityMode) {
00042         return btle_setLinkSecurity(connectionHandle, securityMode);
00043     }
00044 
00045     virtual ble_error_t purgeAllBondingState(void) {
00046         return btle_purgeAllBondingState();
00047     }
00048 
00049     /**
00050      * @brief  Returns a list of addresses from peers in the stacks bond table.
00051      *
00052      * @param[in/out]   addresses
00053      *                  (on input) @ref Gap::Whitelist_t structure where at
00054      *                  most addresses.capacity addresses from bonded peers will
00055      *                  be stored.
00056      *                  (on output) A copy of the addresses from bonded peers.
00057      *
00058      * @return
00059      *           BLE_ERROR_NONE if successful.
00060      */
00061     virtual ble_error_t getAddressesFromBondTable(Gap::Whitelist_t &addresses) const {
00062         uint8_t i;
00063 
00064         ble_gap_whitelist_t  whitelistFromBondTable;
00065         ble_gap_addr_t      *addressPtr[YOTTA_CFG_WHITELIST_MAX_SIZE];
00066         ble_gap_irk_t       *irkPtr[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
00067 
00068         /* Initialize the structure so that we get as many addreses as the whitelist can hold */
00069         whitelistFromBondTable.addr_count = YOTTA_CFG_IRK_TABLE_MAX_SIZE;
00070         whitelistFromBondTable.pp_addrs   = addressPtr;
00071         whitelistFromBondTable.irk_count  = YOTTA_CFG_IRK_TABLE_MAX_SIZE;
00072         whitelistFromBondTable.pp_irks    = irkPtr;
00073 
00074         ble_error_t error = createWhitelistFromBondTable(whitelistFromBondTable);
00075         if (error != BLE_ERROR_NONE) {
00076             addresses.size = 0;
00077             addresses.bonds = 0;
00078             return error;
00079         }
00080 
00081         addresses.bonds = whitelistFromBondTable.irk_count;
00082 
00083         /* Put all the addresses in the structure */
00084         for (i = 0; i < whitelistFromBondTable.addr_count; ++i) {
00085             if (i >= addresses.capacity) {
00086                 /* Ran out of space in the output Gap::Whitelist_t */
00087                 addresses.size = i;
00088                 return BLE_ERROR_NONE;
00089             }
00090             memcpy(&addresses.addresses[i], whitelistFromBondTable.pp_addrs[i], sizeof(BLEProtocol::Address_t));
00091         }
00092 
00093         /* Update the current address count */
00094         addresses.size = i;
00095 
00096         /* The assumption here is that the underlying implementation of
00097          * createWhitelistFromBondTable()  will not return the private resolvable
00098          * addresses (which is the case in the SoftDevice). Rather it returns the
00099          * IRKs, so we need to generate the private resolvable address by ourselves.
00100          */
00101         for (i = 0; i < whitelistFromBondTable.irk_count; ++i) {
00102             if (i + addresses.size >= addresses.capacity) {
00103                 /* Ran out of space in the output Gap::Whitelist_t */
00104                 addresses.size += i;
00105                 return BLE_ERROR_NONE;
00106             }
00107             btle_generateResolvableAddress(
00108                 *whitelistFromBondTable.pp_irks[i],
00109                 (ble_gap_addr_t &) addresses.addresses[i + addresses.size]
00110             );
00111         }
00112 
00113         /* Update the current address count */
00114         addresses.size += i;
00115 
00116         return BLE_ERROR_NONE;
00117     }
00118 
00119     /**
00120      * @brief  Clear nRF5xSecurityManager's state.
00121      *
00122      * @return
00123      *           BLE_ERROR_NONE if successful.
00124      */
00125     virtual ble_error_t reset(void)
00126     {
00127         if (SecurityManager::reset() != BLE_ERROR_NONE) {
00128             return BLE_ERROR_INVALID_STATE;
00129         }
00130 
00131         return BLE_ERROR_NONE;
00132     }
00133 
00134     bool hasInitialized(void) const {
00135         return btle_hasInitializedSecurity();
00136     }
00137 
00138 public:
00139     /*
00140      * Allow instantiation from nRF5xn when required.
00141      */
00142     friend class nRF5xn;
00143 
00144     nRF5xSecurityManager() {
00145         /* empty */
00146     }
00147 
00148 private:
00149     nRF5xSecurityManager(const nRF5xSecurityManager &);
00150     const nRF5xSecurityManager& operator=(const nRF5xSecurityManager &);
00151 
00152     /*
00153      * Expose an interface that allows us to query the SoftDevice bond table
00154      * and extract a whitelist.
00155      */
00156     ble_error_t createWhitelistFromBondTable(ble_gap_whitelist_t &whitelistFromBondTable) const {
00157         return btle_createWhitelistFromBondTable(&whitelistFromBondTable);
00158     }
00159 
00160     /*
00161      * Given a BLE address and a IRK this function check whether the address
00162      * can be generated from the IRK. To do so, this function uses the hash
00163      * function and algorithm described in the Bluetooth low Energy
00164      * Specification. Internally, Nordic SDK functions are used.
00165      */
00166     bool matchAddressAndIrk(ble_gap_addr_t *address, ble_gap_irk_t *irk) const {
00167         return btle_matchAddressAndIrk(address, irk);
00168     }
00169 
00170     /*
00171      * Give nRF5xGap access to createWhitelistFromBondTable() and
00172      * matchAddressAndIrk()
00173      */
00174     friend class nRF5xGap;
00175 };
00176 
00177 #endif // ifndef __NRF51822_SECURITY_MANAGER_H__
Generated on Fri Jul 15 2022 12:51:28 by  doxygen 1.7.2