Amit Gandhi
/
nRF51822_KJL
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of
nRF51822
by 
Nordic Semiconductor
Revision 598:814c1ce92947, committed 2016-01-11
- Comitter:
- vcoubard
- Date:
- Mon Jan 11 10:19:35 2016 +0000
- Parent:
- 597:bcd5e287c494
- Child:
- 599:3e66e1eb264d
- Commit message:
- Synchronized with git rev c9b6bb9b
Author: Andres Amaya Garcia
Almost complete implementation of whitelisting API
Changed in this revision
--- a/source/btle/btle_security.cpp Mon Jan 11 10:19:35 2016 +0000
+++ b/source/btle/btle_security.cpp Mon Jan 11 10:19:35 2016 +0000
@@ -21,11 +21,13 @@
extern "C" {
#include "pstorage.h"
#include "device_manager.h"
+#include "id_manager.h"
}
#include "btle_security.h"
static dm_application_instance_t applicationInstance;
+static bool initialized = false;
static ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result);
// default security parameters
@@ -43,7 +45,7 @@
}, /**< Key distribution bitmap: keys that the peripheral device will distribute. */
};
-ble_error_t btle_createWhitelistFromBonds(ble_gap_whitelist_t *p_whitelist)
+ble_error_t btle_createWhitelistFromBondTable(ble_gap_whitelist_t *p_whitelist)
{
ret_code_t err = dm_whitelist_create(&applicationInstance, p_whitelist);
if (err == NRF_SUCCESS) {
@@ -55,6 +57,11 @@
}
}
+bool btle_hasInitializedSecurity(void)
+{
+ return initialized;
+}
+
ble_error_t
btle_initializeSecurity(bool enableBonding,
bool requireMITM,
@@ -62,7 +69,6 @@
const SecurityManager::Passkey_t passkey)
{
/* guard against multiple initializations */
- static bool initialized = false;
if (initialized) {
return BLE_ERROR_NONE;
}
@@ -273,4 +279,9 @@
}
return NRF_SUCCESS;
+}
+
+bool btle_matchAddressAndIrk(ble_gap_addr_t const * p_addr, ble_gap_irk_t const * p_irk)
+{
+ return im_address_resolve(p_addr, p_irk);
}
\ No newline at end of file
--- a/source/btle/btle_security.h Mon Jan 11 10:19:35 2016 +0000
+++ b/source/btle/btle_security.h Mon Jan 11 10:19:35 2016 +0000
@@ -40,7 +40,7 @@
SecurityManager::SecurityIOCapabilities_t iocaps = SecurityManager::IO_CAPS_NONE,
const SecurityManager::Passkey_t passkey = NULL);
-ble_error_t btle_createWhitelistFromBonds(ble_gap_whitelist_t *p_whitelist);
+ble_error_t btle_createWhitelistFromBondTable(ble_gap_whitelist_t *p_whitelist);
/**
* Get the security status of a link.
@@ -77,4 +77,8 @@
*/
ble_error_t btle_purgeAllBondingState(void);
+bool btle_hasInitializedSecurity(void);
+
+bool btle_matchAddressAndIrk(ble_gap_addr_t const * p_addr, ble_gap_irk_t const * p_irk);
+
#endif /* _BTLE_SECURITY_H_ */
\ No newline at end of file
--- a/source/nRF5xGap.cpp Mon Jan 11 10:19:35 2016 +0000
+++ b/source/nRF5xGap.cpp Mon Jan 11 10:19:35 2016 +0000
@@ -168,6 +168,18 @@
return BLE_ERROR_PARAM_OUT_OF_RANGE;
}
+ /* Add missing IRKs to whitelist from the bond table held by the SoftDevice */
+ if (advertisingPolicyMode != Gap::ADV_POLICY_IGNORE_WHITELIST) {
+ ble_error_t error = generateStackWhitelist();
+ if (error != BLE_ERROR_NONE) {
+ return error;
+ }
+ } else {
+ /* Reset the whitelist table to avoid any errors */
+ whitelist.addr_count = 0;
+ whitelist.irk_count = 0;
+ }
+
/* Start Advertising */
ble_gap_adv_params_t adv_para = {0};
@@ -185,6 +197,47 @@
return BLE_ERROR_NONE;
}
+/* Observer role is not supported by S110, return BLE_ERROR_NOT_IMPLEMENTED */
+#if !defined(TARGET_MCU_NRF51_16K_S110) && !defined(TARGET_MCU_NRF51_32K_S110)
+ble_error_t nRF5xGap::startRadioScan(const GapScanningParams &scanningParams) {
+
+ /* Add missing IRKs to whitelist from the bond table held by the SoftDevice */
+ if (scanningPolicyMode != Gap::SCAN_POLICY_IGNORE_WHITELIST) {
+ ble_error_t error = generateStackWhitelist();
+ if (error != BLE_ERROR_NONE) {
+ return error;
+ }
+ } else {
+ /* Reset the whitelist table to avoid any errors */
+ whitelist.addr_count = 0;
+ whitelist.irk_count = 0;
+ }
+
+ ble_gap_scan_params_t scanParams = {
+ .active = scanningParams.getActiveScanning(), /**< If 1, perform active scanning (scan requests). */
+ .selective = scanningPolicyMode, /**< If 1, ignore unknown devices (non whitelisted). */
+ .p_whitelist = &whitelist, /**< Pointer to whitelist, NULL if none is given. */
+ .interval = scanningParams.getInterval(), /**< Scan interval between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
+ .window = scanningParams.getWindow(), /**< Scan window between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
+ .timeout = scanningParams.getTimeout(), /**< Scan timeout between 0x0001 and 0xFFFF in seconds, 0x0000 disables timeout. */
+ };
+
+ if (sd_ble_gap_scan_start(&scanParams) != NRF_SUCCESS) {
+ return BLE_ERROR_PARAM_OUT_OF_RANGE;
+ }
+
+ return BLE_ERROR_NONE;
+}
+
+ble_error_t nRF5xGap::stopScan(void) {
+ if (sd_ble_gap_scan_stop() == NRF_SUCCESS) {
+ return BLE_ERROR_NONE;
+ }
+
+ return BLE_STACK_BUSY;
+}
+#endif
+
/**************************************************************************/
/*!
@brief Stops the BLE HW and disconnects from any devices
@@ -233,6 +286,18 @@
connParams.conn_sup_timeout = 600;
}
+ /* Add missing IRKs to whitelist from the bond table held by the SoftDevice */
+ if (scanningPolicyMode != Gap::SCAN_POLICY_IGNORE_WHITELIST) {
+ ble_error_t error = generateStackWhitelist();
+ if (error != BLE_ERROR_NONE) {
+ return error;
+ }
+ } else {
+ /* Reset the whitelist table to avoid any errors */
+ whitelist.addr_count = 0;
+ whitelist.irk_count = 0;
+ }
+
ble_gap_scan_params_t scanParams;
scanParams.selective = scanningPolicyMode; /**< If 1, ignore unknown devices (non whitelisted). */
scanParams.p_whitelist = &whitelist; /**< Pointer to whitelist, NULL if none is given. */
@@ -508,50 +573,58 @@
*countP = sizeof(permittedTxValues) / sizeof(int8_t);
}
-/////////////////////////WHITELISTING
-int8_t nRF5xGap::getMaxWhitelistSize(void) const
+uint8_t nRF5xGap::getMaxWhitelistSize(void) const
{
return YOTTA_CFG_WHITELIST_MAX_SIZE;
}
-ble_error_t nRF5xGap::getWhitelist(std::set<BLEProtocol::Address_t> &whitelist) const
+ble_error_t nRF5xGap::getWhitelist(Gap::Whitelist_t &whitelistOut) const
{
- for (uint8_t i = 0; i < whitelistAddressesSize; i++) {
- BLEProtocol::Address_t addr;//((BLEProtocol::AddressType_t)whitelistAddrs[i].addr_type, (BLEProtocol::AddressBytes_t) whitelistAddrs[i].addr);
- addr.type = (BLEProtocol::AddressType_t) whitelistAddrs[i].addr_type;
- memcpy(addr.address, whitelistAddrs[i].addr, sizeof(BLEProtocol::AddressBytes_t));
- whitelist.insert(addr);
+ uint8_t i;
+ for (i = 0; i < whitelistAddressesSize && i < whitelistOut.capacity; ++i) {
+ memcpy(&whitelistOut.addresses[i], &whitelistAddresses[i], sizeof(BLEProtocol::Address_t));
}
+ whitelistOut.size = i;
+
return BLE_ERROR_NONE;
}
-ble_error_t nRF5xGap::setWhitelist(std::set<BLEProtocol::Address_t> whitelistIn)
+ble_error_t nRF5xGap::setWhitelist(const Gap::Whitelist_t &whitelistIn)
{
+ if (whitelistIn.size > getMaxWhitelistSize()) {
+ return BLE_ERROR_PARAM_OUT_OF_RANGE;
+ }
+
whitelistAddressesSize = 0;
- for (std::set<BLEProtocol::Address_t>::iterator it = whitelistIn.begin(); it != whitelistIn.end(); it++) {
- whitelistAddrs[whitelistAddressesSize].addr_type = it->type;
- memcpy(whitelistAddrs[whitelistAddressesSize].addr, it->address, sizeof(BLEProtocol::AddressBytes_t));
+ for (uint8_t i = 0; i < whitelistIn.size; ++i) {
+ if (whitelistIn.addresses[i].type == BLEProtocol::AddressType_t::RANDOM_PRIVATE_NON_RESOLVABLE) {
+ /* This is not allowed because it is completely meaningless */
+ return BLE_ERROR_INVALID_PARAM;
+ }
+ memcpy(&whitelistAddresses[whitelistAddressesSize], &whitelistIn.addresses[i], sizeof(BLEProtocol::Address_t));
whitelistAddressesSize++;
}
- whitelist.addr_count = whitelistAddressesSize;
- whitelist.irk_count = whitelistIrksSize;
+
return BLE_ERROR_NONE;
}
-// Accessors
-void nRF5xGap::setAdvertisingPolicyMode(Gap::AdvertisingPolicyMode_t mode)
+ble_error_t nRF5xGap::setAdvertisingPolicyMode(Gap::AdvertisingPolicyMode_t mode)
{
advertisingPolicyMode = mode;
+
+ return BLE_ERROR_NONE;
}
-void nRF5xGap::setScanningPolicyMode(Gap::ScanningPolicyMode_t mode)
+ble_error_t nRF5xGap::setScanningPolicyMode(Gap::ScanningPolicyMode_t mode)
{
scanningPolicyMode = mode;
+
+ return BLE_ERROR_NONE;
}
-void nRF5xGap::setInitiatorPolicyMode(Gap::InitiatorPolicyMode_t mode)
+ble_error_t nRF5xGap::setInitiatorPolicyMode(Gap::InitiatorPolicyMode_t mode)
{
- initiatorPolicyMode = mode;
+ return BLE_ERROR_NOT_IMPLEMENTED;
}
Gap::AdvertisingPolicyMode_t nRF5xGap::getAdvertisingPolicyMode(void) const
@@ -566,6 +639,78 @@
Gap::InitiatorPolicyMode_t nRF5xGap::getInitiatorPolicyMode(void) const
{
- return initiatorPolicyMode;
+ return Gap::INIT_POLICY_IGNORE_WHITELIST;
}
-/////////////////////////
\ No newline at end of file
+
+ble_error_t nRF5xGap::generateStackWhitelist(void)
+{
+ ble_gap_whitelist_t whitelistFromBondTable;
+ ble_gap_addr_t *addressPtr[1];
+ ble_gap_irk_t *irkPtr[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
+
+ nRF5xSecurityManager& securityManager = (nRF5xSecurityManager&) nRF5xn::Instance(0).getSecurityManager();
+
+ if (securityManager.hasInitialized()) {
+ /* We do not care about the addresses, set the count to 0 */
+ whitelistFromBondTable.addr_count = 0;
+ /* The Nordic SDK will return a failure if we set pp_addr to NULL */
+ whitelistFromBondTable.pp_addrs = addressPtr;
+ /* We want all the IRKs we can get because we do not know which ones match the addresses */
+ whitelistFromBondTable.irk_count = YOTTA_CFG_IRK_TABLE_MAX_SIZE;
+ whitelistFromBondTable.pp_irks = irkPtr;
+
+ /* Use the security manager to get the IRKs from the bond table */
+ ble_error_t error = securityManager.createWhitelistFromBondTable(whitelistFromBondTable);
+ if (error != BLE_ERROR_NONE) {
+ return error;
+ }
+ } else {
+ /**
+ * If there is no security manager then we cannot access the bond table,
+ * so disable IRK matching
+ */
+ whitelistFromBondTable.addr_count = 0;
+ whitelistFromBondTable.irk_count = 0;
+ }
+
+ /**
+ * For every private resolvable address in the local whitelist check if
+ * there is an IRK for said address in the bond table and add it to the
+ * local IRK list.
+ */
+ whitelist.irk_count = 0;
+ whitelist.addr_count = 0;
+ for (uint8_t i = 0; i < whitelistAddressesSize; ++i) {
+ if (whitelistAddresses[i].addr_type == BLEProtocol::AddressType_t::RANDOM_PRIVATE_RESOLVABLE) {
+ /* Test if there is a matching IRK for this private resolvable address */
+ for (uint8_t j = 0; j < whitelistFromBondTable.irk_count; ++j) {
+ if (securityManager.matchAddressAndIrk(&whitelistAddresses[i], whitelistFromBondTable.pp_irks[j])) {
+ /* Found the corresponding IRK, add it to our local whitelist */
+ whitelist.pp_irks[whitelist.irk_count] = whitelistFromBondTable.pp_irks[j];
+ whitelist.irk_count++;
+ /* Make sure we do not look at this IRK again */
+ if (j != whitelistFromBondTable.irk_count - 1) {
+ /**
+ * This is not the last IRK, so replace the pointer
+ * with the last pointer in the array
+ */
+ whitelistFromBondTable.pp_irks[j] =
+ whitelistFromBondTable.pp_irks[whitelistFromBondTable.irk_count - 1];
+ }
+ /**
+ * If the IRK is the last pointer in the array simply
+ * decrement the total IRK count
+ */
+ whitelistFromBondTable.irk_count--;
+ break;
+ }
+ }
+ } else {
+ /* Include the address into the whitelist */
+ whitelist.pp_addrs[whitelist.addr_count] = &whitelistAddresses[i];
+ whitelist.addr_count++;
+ }
+ }
+
+ return BLE_ERROR_NONE;
+}
\ No newline at end of file
--- a/source/nRF5xGap.h Mon Jan 11 10:19:35 2016 +0000
+++ b/source/nRF5xGap.h Mon Jan 11 10:19:35 2016 +0000
@@ -28,6 +28,12 @@
#undef YOTTA_CFG_WHITELIST_MAX_SIZE
#define YOTTA_CFG_WHITELIST_MAX_SIZE BLE_GAP_WHITELIST_ADDR_MAX_COUNT
#endif
+#ifndef YOTTA_CFG_IRK_TABLE_MAX_SIZE
+ #define YOTTA_CFG_IRK_TABLE_MAX_SIZE BLE_GAP_WHITELIST_IRK_MAX_COUNT
+#elif YOTTA_CFG_IRK_TABLE_MAX_SIZE > BLE_GAP_WHITELIST_IRK_MAX_COUNT
+ #undef YOTTA_CFG_IRK_TABLE_MAX_SIZE
+ #define YOTTA_CFG_IRK_TABLE_MAX_SIZE BLE_GAP_WHITELIST_IRK_MAX_COUNT
+#endif
#include "ble/blecommon.h"
#include "ble.h"
#include "ble/GapAdvertisingParams.h"
@@ -43,8 +49,6 @@
#include "btle_security.h"
-#include <set>
-
void radioNotificationStaticCallback(bool param);
/**************************************************************************/
@@ -88,19 +92,16 @@
virtual ble_error_t reset(void);
- /////////////////// WHITELISTING
- virtual int8_t getMaxWhitelistSize(void) const;
- virtual ble_error_t getWhitelist(std::set<BLEProtocol::Address_t> &whitelist) const;
- virtual ble_error_t setWhitelist(std::set<BLEProtocol::Address_t> whitelist);
+ virtual uint8_t getMaxWhitelistSize(void) const;
+ virtual ble_error_t getWhitelist(Gap::Whitelist_t &whitelistOut) const;
+ virtual ble_error_t setWhitelist(const Gap::Whitelist_t &whitelistIn);
- // Accessors
- virtual void setAdvertisingPolicyMode(AdvertisingPolicyMode_t mode);
- virtual void setScanningPolicyMode(ScanningPolicyMode_t mode);
- virtual void setInitiatorPolicyMode(InitiatorPolicyMode_t mode);
+ virtual ble_error_t setAdvertisingPolicyMode(AdvertisingPolicyMode_t mode);
+ virtual ble_error_t setScanningPolicyMode(ScanningPolicyMode_t mode);
+ virtual ble_error_t setInitiatorPolicyMode(InitiatorPolicyMode_t mode);
virtual Gap::AdvertisingPolicyMode_t getAdvertisingPolicyMode(void) const;
virtual Gap::ScanningPolicyMode_t getScanningPolicyMode(void) const;
virtual Gap::InitiatorPolicyMode_t getInitiatorPolicyMode(void) const;
- ///////////////////
virtual ble_error_t initRadioNotification(void) {
if (ble_radio_notification_init(NRF_APP_PRIORITY_HIGH, NRF_RADIO_NOTIFICATION_DISTANCE_800US, radioNotificationStaticCallback) == NRF_SUCCESS) {
@@ -112,47 +113,31 @@
/* Observer role is not supported by S110, return BLE_ERROR_NOT_IMPLEMENTED */
#if !defined(TARGET_MCU_NRF51_16K_S110) && !defined(TARGET_MCU_NRF51_32K_S110)
- virtual ble_error_t startRadioScan(const GapScanningParams &scanningParams) {
- ble_gap_scan_params_t scanParams = {
- .active = scanningParams.getActiveScanning(), /**< If 1, perform active scanning (scan requests). */
- .selective = scanningPolicyMode, /**< If 1, ignore unknown devices (non whitelisted). */
- .p_whitelist = &whitelist, /**< Pointer to whitelist, NULL if none is given. */
- .interval = scanningParams.getInterval(), /**< Scan interval between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
- .window = scanningParams.getWindow(), /**< Scan window between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
- .timeout = scanningParams.getTimeout(), /**< Scan timeout between 0x0001 and 0xFFFF in seconds, 0x0000 disables timeout. */
- };
-
- if (sd_ble_gap_scan_start(&scanParams) != NRF_SUCCESS) {
- return BLE_ERROR_PARAM_OUT_OF_RANGE;
- }
-
- return BLE_ERROR_NONE;
- }
-
- virtual ble_error_t stopScan(void) {
- if (sd_ble_gap_scan_stop() == NRF_SUCCESS) {
- return BLE_ERROR_NONE;
- }
-
- return BLE_STACK_BUSY;
- }
+ virtual ble_error_t startRadioScan(const GapScanningParams &scanningParams);
+ virtual ble_error_t stopScan(void);
#endif
private:
- /////////////////WHITELISTING
+ /* Policy modes set by the user. By default these are set to ignore the whitelist */
Gap::AdvertisingPolicyMode_t advertisingPolicyMode;
Gap::ScanningPolicyMode_t scanningPolicyMode;
- Gap::InitiatorPolicyMode_t initiatorPolicyMode; /* Unused */
- ble_gap_addr_t whitelistAddrs[YOTTA_CFG_WHITELIST_MAX_SIZE];
- ble_gap_addr_t *whitelistAddresses[YOTTA_CFG_WHITELIST_MAX_SIZE];
- uint8_t whitelistAddressesSize;
- ble_gap_irk_t *whitelistIrks[YOTTA_CFG_WHITELIST_MAX_SIZE];
- uint8_t whitelistIrksSize;
+ /* Internal representation of a whitelist */
+ uint8_t whitelistAddressesSize;
+ ble_gap_addr_t whitelistAddresses[YOTTA_CFG_WHITELIST_MAX_SIZE];
+ ble_gap_addr_t *whitelistAddressPtrs[YOTTA_CFG_WHITELIST_MAX_SIZE];
+ ble_gap_irk_t *whitelistIrkPtrs[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
+ /* Structure used by the SoftDevice to represent a whitelist together with IRK table */
ble_gap_whitelist_t whitelist;
- /////////////////
+ /*
+ * An internal function used to populate the ble_gap_whitelist_t that will be used by
+ * the SoftDevice for filtering requests. This function is needed because for the BLE
+ * API the whitelist is just a collection of keys, but for the stack it also includes
+ * the IRK table.
+ */
+ ble_error_t generateStackWhitelist(void);
bool radioNotificationCallbackParam; /* parameter to be passed into the Timeout-generated radio notification callback. */
Timeout radioNotificationTimeout;
@@ -245,17 +230,15 @@
nRF5xGap() :
advertisingPolicyMode(Gap::ADV_POLICY_IGNORE_WHITELIST),
- scanningPolicyMode(Gap::SCAN_POLICY_IGNORE_WHITELIST),
- initiatorPolicyMode(Gap::INIT_POLICY_IGNORE_WHITELIST),
- whitelistAddressesSize(0),
- whitelistIrksSize(0) {
+ scanningPolicyMode(Gap::SCAN_POLICY_IGNORE_WHITELIST) {
m_connectionHandle = BLE_CONN_HANDLE_INVALID;
- whitelist.pp_addrs = whitelistAddresses;
- for (int i = 0; i < YOTTA_CFG_WHITELIST_MAX_SIZE; i++) {
- whitelistAddresses[i] = &(whitelistAddrs[i]);
- }
- whitelist.pp_irks = whitelistIrks;
+ /* Reset the whitelist */
+ whitelist.addr_count = 0;
+ whitelist.irk_count = 0;
+ whitelist.pp_irks = whitelistIrkPtrs;
+ whitelist.pp_addrs = whitelistAddressPtrs;
+ whitelistAddressesSize = 0;
}
nRF5xGap(nRF5xGap const &);
--- a/source/nRF5xSecurityManager.h Mon Jan 11 10:19:35 2016 +0000
+++ b/source/nRF5xSecurityManager.h Mon Jan 11 10:19:35 2016 +0000
@@ -19,6 +19,7 @@
#include <stddef.h>
+#include "nRF5xGap.h"
#include "ble/SecurityManager.h"
#include "btle_security.h"
@@ -60,6 +61,10 @@
return BLE_ERROR_NONE;
}
+ bool hasInitialized(void) const {
+ return btle_hasInitializedSecurity();
+ }
+
public:
/*
* Allow instantiation from nRF5xn when required.
@@ -73,6 +78,15 @@
private:
nRF5xSecurityManager(const nRF5xSecurityManager &);
const nRF5xSecurityManager& operator=(const nRF5xSecurityManager &);
+
+ ble_error_t createWhitelistFromBondTable(ble_gap_whitelist_t &whitelistFromBondTable) const {
+ return btle_createWhitelistFromBondTable(&whitelistFromBondTable);
+ }
+
+ bool matchAddressAndIrk(ble_gap_addr_t *address, ble_gap_irk_t *irk) const {
+ return btle_matchAddressAndIrk(address, irk);
+ }
+ friend class nRF5xGap;
};
#endif // ifndef __NRF51822_SECURITY_MANAGER_H__
\ No newline at end of file