config changes
Fork of nRF51822 by
TARGET_NRF5/source/btle/btle_security.cpp@639:be81711532c9, 2017-03-09 (annotated)
- Committer:
- RobTT
- Date:
- Thu Mar 09 10:49:23 2017 +0000
- Revision:
- 639:be81711532c9
- Parent:
- 638:c90ae1400bf2
Internal test version 1
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
Vincent Coubard |
638:c90ae1400bf2 | 1 | /* mbed Microcontroller Library |
Vincent Coubard |
638:c90ae1400bf2 | 2 | * Copyright (c) 2006-2013 ARM Limited |
Vincent Coubard |
638:c90ae1400bf2 | 3 | * |
Vincent Coubard |
638:c90ae1400bf2 | 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
Vincent Coubard |
638:c90ae1400bf2 | 5 | * you may not use this file except in compliance with the License. |
Vincent Coubard |
638:c90ae1400bf2 | 6 | * You may obtain a copy of the License at |
Vincent Coubard |
638:c90ae1400bf2 | 7 | * |
Vincent Coubard |
638:c90ae1400bf2 | 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
Vincent Coubard |
638:c90ae1400bf2 | 9 | * |
Vincent Coubard |
638:c90ae1400bf2 | 10 | * Unless required by applicable law or agreed to in writing, software |
Vincent Coubard |
638:c90ae1400bf2 | 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
Vincent Coubard |
638:c90ae1400bf2 | 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
Vincent Coubard |
638:c90ae1400bf2 | 13 | * See the License for the specific language governing permissions and |
Vincent Coubard |
638:c90ae1400bf2 | 14 | * limitations under the License. |
Vincent Coubard |
638:c90ae1400bf2 | 15 | */ |
Vincent Coubard |
638:c90ae1400bf2 | 16 | |
Vincent Coubard |
638:c90ae1400bf2 | 17 | #include "btle.h" |
Vincent Coubard |
638:c90ae1400bf2 | 18 | |
Vincent Coubard |
638:c90ae1400bf2 | 19 | #include "nRF5xn.h" |
Vincent Coubard |
638:c90ae1400bf2 | 20 | |
Vincent Coubard |
638:c90ae1400bf2 | 21 | extern "C" { |
Vincent Coubard |
638:c90ae1400bf2 | 22 | #include "pstorage.h" |
Vincent Coubard |
638:c90ae1400bf2 | 23 | #include "device_manager.h" |
Vincent Coubard |
638:c90ae1400bf2 | 24 | #include "id_manager.h" |
Vincent Coubard |
638:c90ae1400bf2 | 25 | } |
Vincent Coubard |
638:c90ae1400bf2 | 26 | |
Vincent Coubard |
638:c90ae1400bf2 | 27 | #include "btle_security.h" |
Vincent Coubard |
638:c90ae1400bf2 | 28 | |
/* Device-manager application instance. It is passed by address to
 * dm_register() in btle_initializeSecurity() and reused by the other dm_*
 * calls in this file. */
static dm_application_instance_t applicationInstance;

/* Becomes true only after btle_initializeSecurity() has run to completion. */
static bool initialized = false;

/* Device-manager event callback; the definition is further down in this file. */
static ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result);

/*
 * Default pairing parameters. btle_initializeSecurity() overwrites bond, mitm
 * and io_caps with the caller's values before registering with the device
 * manager; every other field keeps the value given here.
 *
 * Members are initialized in declaration order with no gaps, because the
 * designated-initializer form is otherwise rejected by g++ in C++11 mode.
 *
 * NOTE(review): as shipped, the defaults ask for MITM protection while
 * declaring no IO capabilities and no OOB data. A device with no input or
 * output cannot run a passkey exchange, so this combination is only
 * meaningful once the caller supplies real IO capabilities - confirm against
 * the callers of btle_initializeSecurity().
 * NOTE(review): lesc is false and nothing in this file sets it, so pairing
 * configured from this structure is legacy pairing, not LE Secure Connections.
 */
static ble_gap_sec_params_t securityParameters = {
    .bond         = true,                           /**< Bond (store keys) after pairing. */
    .mitm         = true,                           /**< Ask for man-in-the-middle protection. */
    .lesc         = false,                          /**< LE Secure Connections pairing disabled. */
    .keypress     = false,                          /**< No keypress notifications. */
    .io_caps      = SecurityManager::IO_CAPS_NONE,  /**< IO capabilities, see @ref BLE_GAP_IO_CAPS. */
    .oob          = 0,                              /**< No out-of-band data available. */
    .min_key_size = 16,                             /**< Smallest accepted encryption key, in octets (7..16; 0 = not applicable). */
    .max_key_size = 16,                             /**< Largest encryption key, in octets (min_key_size..16). */
    .kdist_own    = {                               /**< Keys the local device distributes: none. */
        .enc  = 0,                                  /**< Long Term Key and Master Identification. */
        .id   = 0,                                  /**< Identity Resolving Key and Identity Address Information. */
        .sign = 0,                                  /**< Connection Signature Resolving Key. */
        .link = 0                                   /**< Derive the Link Key from the LTK. */
    },
    .kdist_peer   = {                               /**< Keys requested from the peer device. */
        .enc  = 1,                                  /**< Long Term Key and Master Identification. */
        .id   = 1,                                  /**< Identity Resolving Key and Identity Address Information. */
        .sign = 1,                                  /**< Connection Signature Resolving Key. */
        .link = 0                                   /**< Derive the Link Key from the LTK. */
    }
};
Vincent Coubard |
638:c90ae1400bf2 | 56 | |
/**
 * Report whether btle_initializeSecurity() has already completed successfully.
 *
 * @return the current value of the file-scope `initialized` flag.
 */
bool btle_hasInitializedSecurity(void)
{
    const bool securityReady = initialized;
    return securityReady;
}
Vincent Coubard |
638:c90ae1400bf2 | 62 | |
/**
 * One-time setup of persistent storage and the Nordic device manager for
 * pairing and bonding.
 *
 * @param enableBonding  copied into securityParameters.bond.
 * @param requireMITM    copied into securityParameters.mitm.
 * @param iocaps         copied into securityParameters.io_caps.
 * @param passkey        optional static passkey; when non-null it is handed to
 *                       the stack through the BLE_GAP_OPT_PASSKEY option.
 *
 * @return BLE_ERROR_NONE on success or when security was already initialized;
 *         otherwise a ble_error_t translated from the failing call.
 *
 * NOTE(review): a repeated call returns BLE_ERROR_NONE without applying its
 * arguments, so a caller cannot tighten (or loosen) the pairing policy after
 * the first successful initialization.
 * NOTE(review): the passkey pointer is forwarded as given; whether the stack
 * copies the digits or keeps the pointer is not visible here - confirm the
 * required lifetime against the sd_ble_opt_set() documentation. A passkey set
 * this way is the same for every pairing.
 */
ble_error_t
btle_initializeSecurity(bool                                      enableBonding,
                        bool                                      requireMITM,
                        SecurityManager::SecurityIOCapabilities_t iocaps,
                        const SecurityManager::Passkey_t          passkey)
{
    /* Nothing to do on a second call; the existing configuration is kept. */
    if (initialized) {
        return BLE_ERROR_NONE;
    }

    if (pstorage_init() != NRF_SUCCESS) {
        return BLE_ERROR_UNSPECIFIED;
    }

    if (passkey) {
        ble_opt_t passkeyOption;
        /* The option structure takes a non-const pointer, hence the cast. */
        passkeyOption.gap_opt.passkey.p_passkey = const_cast<uint8_t *>(passkey);

        const ret_code_t optStatus = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &passkeyOption);
        if (optStatus == NRF_ERROR_INVALID_STATE) {
            return BLE_ERROR_INVALID_STATE;
        }
        if (optStatus == NRF_ERROR_BUSY) {
            return BLE_STACK_BUSY;
        }
        if (optStatus != NRF_SUCCESS) {
            /* Invalid handle/address/parameter and any other failure. */
            return BLE_ERROR_INVALID_PARAM;
        }
    }

    dm_init_param_t dm_init_param = {
        .clear_persistent_data = false /* true would make the module clear all persistent data */
    };
    if (dm_init(&dm_init_param) != NRF_SUCCESS) {
        return BLE_ERROR_UNSPECIFIED;
    }

    /* Fold the caller's policy into the file-scope defaults. */
    securityParameters.bond    = enableBonding;
    securityParameters.mitm    = requireMITM;
    securityParameters.io_caps = iocaps;

    const dm_application_param_t dm_param = {
        .evt_handler  = dm_handler,
        .service_type = DM_PROTOCOL_CNTXT_GATT_CLI_ID,
        .sec_param    = securityParameters
    };

    const ret_code_t registerStatus = dm_register(&applicationInstance, &dm_param);
    if (registerStatus == NRF_ERROR_INVALID_STATE) {
        return BLE_ERROR_INVALID_STATE;
    }
    if (registerStatus == NRF_ERROR_NO_MEM) {
        return BLE_ERROR_NO_MEM;
    }
    if (registerStatus != NRF_SUCCESS) {
        return BLE_ERROR_UNSPECIFIED;
    }

    initialized = true;
    return BLE_ERROR_NONE;
}
Vincent Coubard |
638:c90ae1400bf2 | 129 | |
/**
 * Ask the device manager to delete every device record held for this
 * application instance.
 *
 * @return BLE_ERROR_NONE on success, BLE_ERROR_INVALID_STATE or
 *         BLE_ERROR_NO_MEM for the matching Nordic errors, and
 *         BLE_ERROR_UNSPECIFIED for anything else.
 *
 * NOTE(review): the `initialized` flag is not consulted here; a call made
 * before btle_initializeSecurity() relies on dm_device_delete_all() rejecting
 * the request itself.
 */
ble_error_t
btle_purgeAllBondingState(void)
{
    const ret_code_t deleteStatus = dm_device_delete_all(&applicationInstance);

    switch (deleteStatus) {
        case NRF_SUCCESS:
            return BLE_ERROR_NONE;
        case NRF_ERROR_INVALID_STATE:
            return BLE_ERROR_INVALID_STATE;
        case NRF_ERROR_NO_MEM:
            return BLE_ERROR_NO_MEM;
        default:
            return BLE_ERROR_UNSPECIFIED;
    }
}
Vincent Coubard |
638:c90ae1400bf2 | 147 | |
/**
 * Query the device manager for the security status of one connection.
 *
 * @param connectionHandle  connection to look up.
 * @param securityStatusP   output; written by dm_security_status_req() through
 *                          a reinterpret_cast to dm_security_status_t *.
 *
 * @return BLE_ERROR_NONE on success; BLE_ERROR_INVALID_PARAM when the
 *         connection handle is unknown to the device manager; otherwise a
 *         ble_error_t translated from the failing call.
 *
 * NOTE(review): the cast assumes SecurityManager::LinkSecurityStatus_t and
 * dm_security_status_t share size and enumerator values - confirm against both
 * headers. securityStatusP is not checked for null before it is forwarded.
 */
ble_error_t
btle_getLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::LinkSecurityStatus_t *securityStatusP)
{
    dm_handle_t dmHandle = {
        .appl_id = applicationInstance,
    };

    /* Step 1: resolve the connection handle to a device-manager handle. */
    const ret_code_t lookupStatus = dm_handle_get(connectionHandle, &dmHandle);
    if (lookupStatus != NRF_SUCCESS) {
        return (lookupStatus == NRF_ERROR_NOT_FOUND) ? BLE_ERROR_INVALID_PARAM
                                                     : BLE_ERROR_UNSPECIFIED;
    }

    /* Step 2: read the security status for that handle. */
    const ret_code_t queryStatus =
        dm_security_status_req(&dmHandle, reinterpret_cast<dm_security_status_t *>(securityStatusP));

    switch (queryStatus) {
        case NRF_SUCCESS:
            return BLE_ERROR_NONE;
        case NRF_ERROR_INVALID_STATE:
            return BLE_ERROR_INVALID_STATE;
        case NRF_ERROR_NO_MEM:
            return BLE_ERROR_NO_MEM;
        default:
            return BLE_ERROR_UNSPECIFIED;
    }
}
Vincent Coubard |
638:c90ae1400bf2 | 176 | |
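/**
 * Start authentication on a connection with parameters derived from the
 * requested security mode.
 *
 * The file-scope securityParameters are copied and only the copy is adjusted,
 * so the request applies to this call alone. The earlier code wrote bond/mitm
 * into the global structure instead: the authenticate call then ignored the
 * requested mode, and the shared defaults were left with mitm cleared for any
 * later call that copies them.
 *
 * @param connectionHandle  connection to authenticate.
 * @param securityMode      requested mode; only
 *                          SECURITY_MODE_ENCRYPTION_OPEN_LINK and
 *                          SECURITY_MODE_ENCRYPTION_NO_MITM are implemented.
 *
 * @return BLE_ERROR_NONE when sd_ble_gap_authenticate() succeeds,
 *         BLE_ERROR_NOT_IMPLEMENTED for every other mode (including the
 *         MITM-protected and signed modes), BLE_ERROR_UNSPECIFIED on any
 *         stack error.
 *
 * NOTE(review): because the MITM modes return BLE_ERROR_NOT_IMPLEMENTED, this
 * function can only request unauthenticated pairing; MITM protection has to
 * come from the parameters registered in btle_initializeSecurity().
 */
ble_error_t
btle_setLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::SecurityMode_t securityMode)
{
    /* Start from the current defaults and adjust the local copy only. */
    ble_gap_sec_params_t params = securityParameters;

    switch (securityMode) {
        case SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK:
            /* Require no protection, open link. */
            params.bond = false;
            params.mitm = false;
            break;

        case SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM:
            /* Require encryption, but no MITM protection. */
            params.bond = true;
            params.mitm = false;
            break;

        /* Security modes that are not implemented yet. */
        case SecurityManager::SECURITY_MODE_NO_ACCESS:
        case SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM: /* encryption and MITM protection */
        case SecurityManager::SECURITY_MODE_SIGNED_NO_MITM:       /* signing or encryption, no MITM protection */
        case SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM:     /* signing or encryption, and MITM protection */
        default:
            return BLE_ERROR_NOT_IMPLEMENTED;
    }

    /* Apply the adjusted parameters to the given connection. */
    uint32_t result = sd_ble_gap_authenticate(connectionHandle, &params);

    return (result == NRF_SUCCESS) ? BLE_ERROR_NONE : BLE_ERROR_UNSPECIFIED;
}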
Vincent Coubard |
638:c90ae1400bf2 | 218 | |
/**
 * Device-manager event callback registered in btle_initializeSecurity().
 * Translates Nordic device-manager events into calls on the
 * nRF5xSecurityManager of the default BLE instance.
 *
 * @param p_handle      not used by this handler.
 * @param p_event       event to dispatch; event_id selects the branch.
 * @param event_result  not used by this handler.
 *
 * @return always NRF_SUCCESS.
 *
 * NOTE(review): event_result is never inspected, so an event delivered with a
 * failure result is forwarded the same way as a successful one - confirm that
 * the device manager cannot report DM_EVT_LINK_SECURED with an error result.
 */
ret_code_t
dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result)
{
    nRF5xn               &ble             = nRF5xn::Instance(BLE::DEFAULT_INSTANCE);
    nRF5xSecurityManager &securityManager = (nRF5xSecurityManager &) ble.getSecurityManager();

    switch (p_event->event_id) {
        case DM_EVT_SECURITY_SETUP: {
            /* Pairing started: report what the peer asked for. */
            const ble_gap_sec_params_t &peer = p_event->event_param.p_gap_param->params.sec_params_request.peer_params;
            securityManager.processSecuritySetupInitiatedEvent(
                p_event->event_param.p_gap_param->conn_handle,
                peer.bond,
                peer.mitm,
                (SecurityManager::SecurityIOCapabilities_t)peer.io_caps);
            break;
        }

        case DM_EVT_SECURITY_SETUP_COMPLETE:
            /* Pairing finished: forward the stack's auth status unchanged. */
            securityManager.processSecuritySetupCompletedEvent(
                p_event->event_param.p_gap_param->conn_handle,
                (SecurityManager::SecurityCompletionStatus_t)(p_event->event_param.p_gap_param->params.auth_status.auth_status));
            break;

        case DM_EVT_LINK_SECURED: {
            const unsigned mode  = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.sm;
            const unsigned level = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.lv;

            /* Any mode/level pair not listed below is reported as NO_ACCESS. */
            SecurityManager::SecurityMode_t resolvedSecurityMode = SecurityManager::SECURITY_MODE_NO_ACCESS;

            if (mode == 1) {
                if (level == 1) {
                    resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK;
                } else if (level == 2) {
                    resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM;
                } else if (level == 3) {
                    resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM;
                }
            } else if (mode == 2) {
                if (level == 1) {
                    resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_NO_MITM;
                } else if (level == 2) {
                    resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM;
                }
            }

            securityManager.processLinkSecuredEvent(p_event->event_param.p_gap_param->conn_handle, resolvedSecurityMode);
            break;
        }

        case DM_EVT_DEVICE_CONTEXT_STORED:
            securityManager.processSecurityContextStoredEvent(p_event->event_param.p_gap_param->conn_handle);
            break;

        default:
            /* Every other device-manager event is ignored. */
            break;
    }

    return NRF_SUCCESS;
}
Vincent Coubard |
638:c90ae1400bf2 | 281 | |
/**
 * Build a whitelist from the device manager's records for this application
 * instance.
 *
 * @param p_whitelist  forwarded unchanged to dm_whitelist_create().
 *
 * @return BLE_ERROR_INITIALIZATION_INCOMPLETE when security has not been
 *         initialized, BLE_ERROR_NONE on success,
 *         BLE_ERROR_PARAM_OUT_OF_RANGE when the device manager reports
 *         NRF_ERROR_NULL, and BLE_ERROR_INVALID_STATE for any other error.
 */
ble_error_t
btle_createWhitelistFromBondTable(ble_gap_whitelist_t *p_whitelist)
{
    if (!btle_hasInitializedSecurity()) {
        return BLE_ERROR_INITIALIZATION_INCOMPLETE;
    }

    switch (dm_whitelist_create(&applicationInstance, p_whitelist)) {
        case NRF_SUCCESS:
            return BLE_ERROR_NONE;
        case NRF_ERROR_NULL:
            return BLE_ERROR_PARAM_OUT_OF_RANGE;
        default:
            return BLE_ERROR_INVALID_STATE;
    }
}
Vincent Coubard |
638:c90ae1400bf2 | 297 | |
Vincent Coubard |
638:c90ae1400bf2 | 298 | |
/**
 * Check whether a BLE address can be generated from the given IRK.
 *
 * Thin wrapper around im_address_resolve(), a helper from the Nordic SDK; both
 * pointers are forwarded without any check.
 *
 * @param p_addr  address to test.
 * @param p_irk   Identity Resolving Key to test it against.
 *
 * @return the result of im_address_resolve().
 */
bool
btle_matchAddressAndIrk(ble_gap_addr_t const * p_addr, ble_gap_irk_t const * p_irk)
{
    const bool addressMatchesIrk = im_address_resolve(p_addr, p_irk);
    return addressMatchesIrk;
}
Vincent Coubard |
638:c90ae1400bf2 | 308 | |
/**
 * Fill `address` with a resolvable private address derived from `irk`.
 *
 * @param irk      Identity Resolving Key passed to ah().
 * @param address  output; addr_type and the address bytes are overwritten.
 *
 * NOTE(review): the three most significant bytes are fixed constants
 * (0x8E, 0x4F, 0x7C), not random values, so the same IRK always yields the
 * same address. If this address is ever used over the air it is linkable
 * across sessions; if it only serves as a lookup entry that may be
 * intentional - confirm against the callers.
 */
void
btle_generateResolvableAddress(const ble_gap_irk_t &irk, ble_gap_addr_t &address)
{
    /* Index of the first of the three most significant address bytes. */
    const int upperStart = BLE_GAP_ADDR_LEN - 3;

    /* Mark the address as random private resolvable. */
    address.addr_type = BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_RESOLVABLE;

    /* Fixed values for the three most significant bytes. */
    address.addr[upperStart + 0] = 0x8E;
    address.addr[upperStart + 1] = 0x4F;
    address.addr[upperStart + 2] = 0x7C;

    /*
     * ah() receives the IRK, the three bytes set above and the start of the
     * address buffer as its output; presumably it writes the hash into the
     * least significant bytes of the address - confirm against ah().
     */
    ah(irk.irk, &address.addr[upperStart], address.addr);
}