SecurityDb Class Reference
SecurityDb holds the state for active connections and bonded devices. More...
#include <SecurityDb.h>
Inherited by MemorySecurityDb.
Public Types | |
typedef void * | entry_handle_t |
Opaque type representing a handle to a database entry. | |
Public Member Functions | |
virtual const SecurityDistributionFlags_t * | get_distribution_flags (entry_handle_t db_entry)=0 |
Immediately return the security flags associated with a db entry. | |
virtual void | set_distribution_flags (entry_handle_t db_entry, const SecurityDistributionFlags_t &flags)=0 |
Set the distribution flags of a DB entry. | |
virtual void | get_entry_local_keys (SecurityEntryKeysDbCb_t cb, entry_handle_t db_entry, const ediv_t &ediv, const rand_t &rand)=0 |
Retrieve stored LTK based on passed in EDIV and RAND values. | |
virtual void | get_entry_local_keys (SecurityEntryKeysDbCb_t cb, entry_handle_t db_entry)=0 |
Retrieve stored LTK generated during secure connections pairing. | |
virtual void | set_entry_local_ltk (entry_handle_t db_entry, const ltk_t &ltk)=0 |
Save new local LTK for a connection. | |
virtual void | set_entry_local_ediv_rand (entry_handle_t db_entry, const ediv_t &ediv, const rand_t &rand)=0 |
Update EDIV and RAND used to identify the LTK. | |
virtual void | get_entry_peer_csrk (SecurityEntryCsrkDbCb_t cb, entry_handle_t db_entry)=0 |
Asynchronously return the peer signing key through a callback so that signed packets can be verified. | |
virtual void | get_entry_peer_keys (SecurityEntryKeysDbCb_t cb, entry_handle_t db_entry)=0 |
Asynchronously return the peer encryption key through a callback so that encryption can be enabled. | |
virtual void | set_entry_peer_ltk (entry_handle_t db_entry, const ltk_t &ltk)=0 |
Save new LTK received from the peer. | |
virtual void | set_entry_peer_ediv_rand (entry_handle_t db_entry, const ediv_t &ediv, const rand_t &rand)=0 |
Update EDIV and RAND used to identify the LTK sent by the peer. | |
virtual void | set_entry_peer_irk (entry_handle_t db_entry, const irk_t &irk)=0 |
Update IRK for this connection. | |
virtual void | set_entry_peer_bdaddr (entry_handle_t db_entry, bool address_is_public, const address_t &peer_address)=0 |
Update the identity address of the peer. | |
virtual void | set_entry_peer_csrk (entry_handle_t db_entry, const csrk_t &csrk)=0 |
Update peer signing key. | |
virtual const csrk_t * | get_local_csrk ()=0 |
Return local signing key used for signing packets. | |
virtual void | set_local_csrk (const csrk_t &csrk)=0 |
Update local signing key. | |
virtual const public_key_coord_t & | get_public_key_x ()=0 |
Return the x coordinate of the local public key. | |
virtual const public_key_coord_t & | get_public_key_y ()=0 |
Return the y coordinate of the local public key. | |
virtual void | set_public_key (const public_key_coord_t &public_key_x, const public_key_coord_t &public_key_y)=0 |
Set local public key. | |
virtual entry_handle_t | open_entry (BLEProtocol::AddressType_t peer_address_type, const address_t &peer_address)=0 |
Open a database entry. | |
virtual void | close_entry (entry_handle_t db_entry)=0 |
Close a connection entry. | |
virtual void | remove_entry (const address_t peer_identity_address)=0 |
Remove entry for this peer from NVM. | |
virtual void | clear_entries ()=0 |
Remove all entries from the security DB. | |
virtual void | get_whitelist (WhitelistDbCb_t cb,::Gap::Whitelist_t *whitelist)=0 |
Asynchronously return the whitelist stored in NVM through a callback. | |
virtual void | generate_whitelist_from_bond_table (WhitelistDbCb_t cb,::Gap::Whitelist_t *whitelist)=0 |
Asynchronously return a whitelist through a callback, generated from the bond table. | |
virtual void | set_whitelist (const ::Gap::Whitelist_t &whitelist)=0 |
Update the whitelist stored in NVM by replacing it with a new one. | |
virtual void | add_whitelist_entry (const address_t &address)=0 |
Add a new entry to the whitelist in the NVM. | |
virtual void | remove_whitelist_entry (const address_t &address)=0 |
Remove whitelist entry from NVM. | |
virtual void | clear_whitelist ()=0 |
Remove all whitelist entries stored in the NVM. | |
virtual void | restore ()=0 |
Read values from storage. | |
virtual void | sync ()=0 |
Flush all values which might be stored in memory into NVM. | |
virtual void | set_restore (bool reload)=0 |
Toggle whether values should be preserved across resets. |
Detailed Description
SecurityDb holds the state for active connections and bonded devices.
Keys can be stored in NVM and are returned via callbacks. SecurityDb is responsible for serialising any requests and keeping the store in a consistent state. The state of active connections must be returned immediately.
Definition at line 93 of file SecurityDb.h.
Member Typedef Documentation
typedef void* entry_handle_t |
Opaque type representing a handle to a database entry.
Definition at line 98 of file SecurityDb.h.
Member Function Documentation
virtual void add_whitelist_entry | ( | const address_t & | address ) | [pure virtual] |
Add a new entry to the whitelist in the NVM.
- Parameters:
-
[in] address new whitelist entry
Implemented in MemorySecurityDb.
virtual void clear_entries | ( | ) | [pure virtual] |
Remove all entries from the security DB.
Implemented in MemorySecurityDb.
virtual void clear_whitelist | ( | ) | [pure virtual] |
Remove all whitelist entries stored in the NVM.
Implemented in MemorySecurityDb.
virtual void close_entry | ( | entry_handle_t | db_entry ) | [pure virtual] |
Close a connection entry.
- Parameters:
-
[in] db_entry this handle will be freed up from the security db.
Implemented in MemorySecurityDb.
virtual void generate_whitelist_from_bond_table | ( | WhitelistDbCb_t | cb, |
::Gap::Whitelist_t * | whitelist | ||
) | [pure virtual] |
Asynchronously return a whitelist through a callback, generated from the bond table.
- Parameters:
-
[in] cb callback that will receive the whitelist [in] whitelist preallocated whitelist that will be filled in
Implemented in MemorySecurityDb.
virtual const SecurityDistributionFlags_t* get_distribution_flags | ( | entry_handle_t | db_entry ) | [pure virtual] |
Immediately return the security flags associated with a db entry.
- Parameters:
-
[in] db_entry Entry of the database queried.
- Returns:
- pointer to the flags or NULL if the entry does not have any associated flags.
Implemented in MemorySecurityDb.
virtual void get_entry_local_keys | ( | SecurityEntryKeysDbCb_t | cb, |
entry_handle_t | db_entry | ||
) | [pure virtual] |
Retrieve stored LTK generated during secure connections pairing.
- Parameters:
-
[in] cb callback that will receive the LTK struct [in] db_entry handle of the entry being queried.
Implemented in MemorySecurityDb.
virtual void get_entry_local_keys | ( | SecurityEntryKeysDbCb_t | cb, |
entry_handle_t | db_entry, | ||
const ediv_t & | ediv, | ||
const rand_t & | rand | ||
) | [pure virtual] |
Retrieve stored LTK based on passed in EDIV and RAND values.
- Parameters:
-
[in] cb callback that will receive the LTK struct [in] db_entry handle of the entry being queried. [in] ediv one of the values used to identify the LTK [in] rand one of the values used to identify the LTK
Implemented in MemorySecurityDb.
virtual void get_entry_peer_csrk | ( | SecurityEntryCsrkDbCb_t | cb, |
entry_handle_t | db_entry | ||
) | [pure virtual] |
Asynchronously return the peer signing key through a callback so that signed packets can be verified.
- Parameters:
-
[in] cb callback which will receive the key [in] db_entry handle of the entry being queried.
Implemented in MemorySecurityDb.
virtual void get_entry_peer_keys | ( | SecurityEntryKeysDbCb_t | cb, |
entry_handle_t | db_entry | ||
) | [pure virtual] |
Asynchronously return the peer encryption key through a callback so that encryption can be enabled.
- Parameters:
-
[in] cb callback which will receive the key [in] db_entry handle of the entry being queried.
Implemented in MemorySecurityDb.
virtual const csrk_t* get_local_csrk | ( | ) | [pure virtual] |
Return local signing key used for signing packets.
- Returns:
- pointer to local CSRK
Implemented in MemorySecurityDb.
virtual const public_key_coord_t& get_public_key_x | ( | ) | [pure virtual] |
virtual const public_key_coord_t& get_public_key_y | ( | ) | [pure virtual] |
virtual void get_whitelist | ( | WhitelistDbCb_t | cb, |
::Gap::Whitelist_t * | whitelist | ||
) | [pure virtual] |
Asynchronously return the whitelist stored in NVM through a callback.
Function takes ownership of the memory. The whitelist and the ownership will be returned in the callback.
- Parameters:
-
[in] cb callback that will receive the whitelist [in] whitelist preallocated whitelist that will be filled in
Implemented in MemorySecurityDb.
virtual entry_handle_t open_entry | ( | BLEProtocol::AddressType_t | peer_address_type, |
const address_t & | peer_address | ||
) | [pure virtual] |
Open a database entry.
While this entry is open, it can be queried and updated using the database setter and getter functions.
- Parameters:
-
[in] peer_address_type type of address [in] peer_address this address will be used to locate an existing entry.
- Returns:
- A handle to the entry.
Implemented in MemorySecurityDb.
virtual void remove_entry | ( | const address_t | peer_identity_address ) | [pure virtual] |
Remove entry for this peer from NVM.
- Parameters:
-
[in] peer_identity_address peer address that no longer needs NVM storage.
Implemented in MemorySecurityDb.
virtual void remove_whitelist_entry | ( | const address_t & | address ) | [pure virtual] |
Remove whitelist entry from NVM.
- Parameters:
-
[in] address entry to be removed
Implemented in MemorySecurityDb.
virtual void restore | ( | ) | [pure virtual] |
Read values from storage.
Implemented in MemorySecurityDb.
virtual void set_distribution_flags | ( | entry_handle_t | db_entry, |
const SecurityDistributionFlags_t & | flags | ||
) | [pure virtual] |
Set the distribution flags of a DB entry.
- Parameters:
-
[in] db_entry Entry of the database that will store the flags. [in] flags Distribution flags to store in db_entry.
Implemented in MemorySecurityDb.
virtual void set_entry_local_ediv_rand | ( | entry_handle_t | db_entry, |
const ediv_t & | ediv, | ||
const rand_t & | rand | ||
) | [pure virtual] |
Update EDIV and RAND used to identify the LTK.
- Parameters:
-
[in] db_entry handle of the entry being updated. [in] ediv new EDIV value [in] rand new RAND value
Implemented in MemorySecurityDb.
virtual void set_entry_local_ltk | ( | entry_handle_t | db_entry, |
const ltk_t & | ltk | ||
) | [pure virtual] |
Save new local LTK for a connection.
- Parameters:
-
[in] db_entry handle of the entry being updated. [in] ltk the new LTK; if the device is a slave, this is the LTK that will be used when the link is encrypted
Implemented in MemorySecurityDb.
virtual void set_entry_peer_bdaddr | ( | entry_handle_t | db_entry, |
bool | address_is_public, | ||
const address_t & | peer_address | ||
) | [pure virtual] |
Update the identity address of the peer.
- Parameters:
-
[in] db_entry handle of the entry being updated. [in] address_is_public whether the identity address is public or private [in] peer_address the new address
Implemented in MemorySecurityDb.
virtual void set_entry_peer_csrk | ( | entry_handle_t | db_entry, |
const csrk_t & | csrk | ||
) | [pure virtual] |
Update peer signing key.
- Parameters:
-
[in] db_entry handle of the entry being updated. [in] csrk new CSRK value
Implemented in MemorySecurityDb.
virtual void set_entry_peer_ediv_rand | ( | entry_handle_t | db_entry, |
const ediv_t & | ediv, | ||
const rand_t & | rand | ||
) | [pure virtual] |
Update EDIV and RAND used to identify the LTK sent by the peer.
- Parameters:
-
[in] db_entry handle of the entry being updated. [in] ediv new EDIV value [in] rand new RAND value
Implemented in MemorySecurityDb.
virtual void set_entry_peer_irk | ( | entry_handle_t | db_entry, |
const irk_t & | irk | ||
) | [pure virtual] |
Update IRK for this connection.
- Parameters:
-
[in] db_entry handle of the entry being updated. [in] irk new IRK value
Implemented in MemorySecurityDb.
virtual void set_entry_peer_ltk | ( | entry_handle_t | db_entry, |
const ltk_t & | ltk | ||
) | [pure virtual] |
Save new LTK received from the peer.
- Parameters:
-
[in] db_entry handle of the entry being updated. [in] ltk the new LTK; if the peer device is a slave, this is the LTK that will be used when the link is encrypted
Implemented in MemorySecurityDb.
virtual void set_local_csrk | ( | const csrk_t & | csrk ) | [pure virtual] |
virtual void set_public_key | ( | const public_key_coord_t & | public_key_x, |
const public_key_coord_t & | public_key_y | ||
) | [pure virtual] |
Set local public key.
- Parameters:
-
[in] public_key_x new public key value of the x coordinate [in] public_key_y new public key value of the y coordinate
Implemented in MemorySecurityDb.
virtual void set_restore | ( | bool | reload ) | [pure virtual] |
Toggle whether values should be preserved across resets.
- Parameters:
-
[in] reload if true values will be preserved across resets.
Implemented in MemorySecurityDb.
virtual void set_whitelist | ( | const ::Gap::Whitelist_t & | whitelist ) | [pure virtual] |
Update the whitelist stored in NVM by replacing it with a new one.
- Parameters:
-
[in] whitelist
Implemented in MemorySecurityDb.
virtual void sync | ( | ) | [pure virtual] |
Flush all values which might be stored in memory into NVM.
Implemented in MemorySecurityDb.
