Nicolas Borla / Mbed OS BBR_1Ebene
Embed: (wiki syntax)

« Back to documentation index

SecurityDb Class Reference

SecurityDb Class Reference

SecurityDb holds the state for active connections and bonded devices. More...

#include <SecurityDb.h>

Inherited by MemorySecurityDb.

Public Types

typedef void * entry_handle_t
 Opaque type representing a handle to a database entry.

Public Member Functions

virtual const
SecurityDistributionFlags_t
get_distribution_flags (entry_handle_t db_entry)=0
 Return immediately security flags associated to a db entry.
virtual void set_distribution_flags (entry_handle_t db_entry, const SecurityDistributionFlags_t &flags)=0
 Set the distribution flags of a DB entry.
virtual void get_entry_local_keys (SecurityEntryKeysDbCb_t cb, entry_handle_t db_entry, const ediv_t &ediv, const rand_t &rand)=0
 Retrieve stored LTK based on passed in EDIV and RAND values.
virtual void get_entry_local_keys (SecurityEntryKeysDbCb_t cb, entry_handle_t db_entry)=0
 Retrieve stored LTK generated during secure connections pairing.
virtual void set_entry_local_ltk (entry_handle_t db_entry, const ltk_t &ltk)=0
 Save new local LTK for a connection.
virtual void set_entry_local_ediv_rand (entry_handle_t db_entry, const ediv_t &ediv, const rand_t &rand)=0
 Update EDIV and RAND used to identify the LTK.
virtual void get_entry_peer_csrk (SecurityEntryCsrkDbCb_t cb, entry_handle_t db_entry)=0
 Return asynchronously the peer signing key through a callback so that signed packets can be verified.
virtual void get_entry_peer_keys (SecurityEntryKeysDbCb_t cb, entry_handle_t db_entry)=0
 Return asynchronously the peer encryption key through a callback so that encryption can be enabled.
virtual void set_entry_peer_ltk (entry_handle_t db_entry, const ltk_t &ltk)=0
 Save new LTK received from the peer.
virtual void set_entry_peer_ediv_rand (entry_handle_t db_entry, const ediv_t &ediv, const rand_t &rand)=0
 Update EDIV and RAND used to identify the LTK sent by the peer.
virtual void set_entry_peer_irk (entry_handle_t db_entry, const irk_t &irk)=0
 Update IRK for this connection.
virtual void set_entry_peer_bdaddr (entry_handle_t db_entry, bool address_is_public, const address_t &peer_address)=0
 Update the identity address of the peer.
virtual void set_entry_peer_csrk (entry_handle_t db_entry, const csrk_t &csrk)=0
 Update peer signing key.
virtual const csrk_t * get_local_csrk ()=0
 Return local signing key used for signing packets.
virtual void set_local_csrk (const csrk_t &csrk)=0
 Update local signing key.
virtual const public_key_coord_tget_public_key_x ()=0
 Return local public key.
virtual const public_key_coord_tget_public_key_y ()=0
 Return local public key.
virtual void set_public_key (const public_key_coord_t &public_key_x, const public_key_coord_t &public_key_y)=0
 Set local public key.
virtual entry_handle_t open_entry (BLEProtocol::AddressType_t peer_address_type, const address_t &peer_address)=0
 Open a database entry.
virtual void close_entry (entry_handle_t db_entry)=0
 Close a connection entry.
virtual void remove_entry (const address_t peer_identity_address)=0
 Remove entry for this peer from NVM.
virtual void clear_entries ()=0
 Remove all entries from the security DB.
virtual void get_whitelist (WhitelistDbCb_t cb,::Gap::Whitelist_t *whitelist)=0
 Asynchronously return the whitelist stored in NVM through a callback.
virtual void generate_whitelist_from_bond_table (WhitelistDbCb_t cb,::Gap::Whitelist_t *whitelist)=0
 Asynchronously return a whitelist through a callback, generated from the bond table.
virtual void set_whitelist (const ::Gap::Whitelist_t &whitelist)=0
 Update the whitelist stored in NVM by replacing it with new one.
virtual void add_whitelist_entry (const address_t &address)=0
 Add a new entry to the whitelist in the NVM.
virtual void remove_whitelist_entry (const address_t &address)=0
 Remove whitelist entry from NVM.
virtual void clear_whitelist ()=0
 Remove all whitelist entries stored in the NVM.
virtual void restore ()=0
 Read values from storage.
virtual void sync ()=0
 Flush all values which might be stored in memory into NVM.
virtual void set_restore (bool reload)=0
 Toggle whether values should be preserved across resets.

Detailed Description

SecurityDb holds the state for active connections and bonded devices.

Keys can be stored in NVM and are returned via callbacks. SecurityDb is responsible for serialising any requests and keeping the store in a consistent state. Active connections state must be returned immediately.

Definition at line 93 of file SecurityDb.h.


Member Typedef Documentation

typedef void* entry_handle_t

Opaque type representing a handle to a database entry.

Definition at line 98 of file SecurityDb.h.


Member Function Documentation

virtual void add_whitelist_entry ( const address_t address ) [pure virtual]

Add a new entry to the whitelist in the NVM.

Parameters:
[in]addressnew whitelist entry

Implemented in MemorySecurityDb.

virtual void clear_entries (  ) [pure virtual]

Remove all entries from the security DB.

Implemented in MemorySecurityDb.

virtual void clear_whitelist (  ) [pure virtual]

Remove all whitelist entries stored in the NVM.

Implemented in MemorySecurityDb.

virtual void close_entry ( entry_handle_t  db_entry ) [pure virtual]

Close a connection entry.

Parameters:
[in]db_entrythis handle will be freed up from the security db.

Implemented in MemorySecurityDb.

virtual void generate_whitelist_from_bond_table ( WhitelistDbCb_t  cb,
::Gap::Whitelist_t whitelist 
) [pure virtual]

Asynchronously return a whitelist through a callback, generated from the bond table.

Parameters:
[in]cbcallback that will receive the whitelist
[in]whitelistpreallocated whitelist that will be filled in

Implemented in MemorySecurityDb.

virtual const SecurityDistributionFlags_t* get_distribution_flags ( entry_handle_t  db_entry ) [pure virtual]

Return immediately security flags associated to a db entry.

Parameters:
[in]db_entryEntry of the database queried.
Returns:
pointer to the flags or NULL if the entry do not have any associated flags.

Implemented in MemorySecurityDb.

virtual void get_entry_local_keys ( SecurityEntryKeysDbCb_t  cb,
entry_handle_t  db_entry 
) [pure virtual]

Retrieve stored LTK generated during secure connections pairing.

Parameters:
[in]cbcallback that will receive the LTK struct
[in]db_entryhandle of the entry being queried.

Implemented in MemorySecurityDb.

virtual void get_entry_local_keys ( SecurityEntryKeysDbCb_t  cb,
entry_handle_t  db_entry,
const ediv_t ediv,
const rand_t &  rand 
) [pure virtual]

Retrieve stored LTK based on passed in EDIV and RAND values.

Parameters:
[in]cbcallback that will receive the LTK struct
[in]db_entryhandle of the entry being queried.
[in]edivone of the values used to identify the LTK
[in]randone of the values used to identify the LTK

Implemented in MemorySecurityDb.

virtual void get_entry_peer_csrk ( SecurityEntryCsrkDbCb_t  cb,
entry_handle_t  db_entry 
) [pure virtual]

Return asynchronously the peer signing key through a callback so that signed packets can be verified.

Parameters:
[in]cbcallback which will receive the key
[in]db_entryhandle of the entry being queried.

Implemented in MemorySecurityDb.

virtual void get_entry_peer_keys ( SecurityEntryKeysDbCb_t  cb,
entry_handle_t  db_entry 
) [pure virtual]

Return asynchronously the peer encryption key through a callback so that encryption can be enabled.

Parameters:
[in]cbcallback which will receive the key
[in]db_entryhandle of the entry being queried.

Implemented in MemorySecurityDb.

virtual const csrk_t* get_local_csrk (  ) [pure virtual]

Return local signing key used for signing packets.

Returns:
pointer to local CSRK

Implemented in MemorySecurityDb.

virtual const public_key_coord_t& get_public_key_x (  ) [pure virtual]

Return local public key.

Returns:
ref to x component of public key

Implemented in MemorySecurityDb.

virtual const public_key_coord_t& get_public_key_y (  ) [pure virtual]

Return local public key.

Returns:
ref to y component of public key

Implemented in MemorySecurityDb.

virtual void get_whitelist ( WhitelistDbCb_t  cb,
::Gap::Whitelist_t whitelist 
) [pure virtual]

Asynchronously return the whitelist stored in NVM through a callback.

Function takes ownership of the memory. The whitelist and the ownership will be returned in the callback.

Parameters:
[in]cbcallback that will receive the whitelist
[in]whitelistpreallocated whitelist that will be filled in

Implemented in MemorySecurityDb.

virtual entry_handle_t open_entry ( BLEProtocol::AddressType_t  peer_address_type,
const address_t peer_address 
) [pure virtual]

Open a database entry.

While this entry is opened; it can be queried and updated with the help of the database setter and getter functions.

Parameters:
[in]peer_address_typetype of address
[in]peer_addressthis address will be used to locate an existing entry.
Returns:
A handle to the entry.

Implemented in MemorySecurityDb.

virtual void remove_entry ( const address_t  peer_identity_address ) [pure virtual]

Remove entry for this peer from NVM.

Parameters:
[in]peer_identity_addresspeer address that no longer needs NVM storage.

Implemented in MemorySecurityDb.

virtual void remove_whitelist_entry ( const address_t address ) [pure virtual]

Remove whitelist entry from NVM.

Parameters:
[in]addressentry to be removed

Implemented in MemorySecurityDb.

virtual void restore (  ) [pure virtual]

Read values from storage.

Implemented in MemorySecurityDb.

virtual void set_distribution_flags ( entry_handle_t  db_entry,
const SecurityDistributionFlags_t flags 
) [pure virtual]

Set the distribution flags of a DB entry.

Parameters:
[in]db_entryEntry of the database that will store the flags.
[in]flagsDistribution flags to store in db_entry.

Implemented in MemorySecurityDb.

virtual void set_entry_local_ediv_rand ( entry_handle_t  db_entry,
const ediv_t ediv,
const rand_t &  rand 
) [pure virtual]

Update EDIV and RAND used to identify the LTK.

Parameters:
[in]db_entryhandle of the entry being updated.
[in]edivnew EDIV value
[in]randnew RAND value

Implemented in MemorySecurityDb.

virtual void set_entry_local_ltk ( entry_handle_t  db_entry,
const ltk_t &  ltk 
) [pure virtual]

Save new local LTK for a connection.

Parameters:
[in]db_entryhandle of the entry being updated.
[in]ltkthe new LTK, if the device is slave, this is the LTK that will be used when link is encrypted

Implemented in MemorySecurityDb.

virtual void set_entry_peer_bdaddr ( entry_handle_t  db_entry,
bool  address_is_public,
const address_t peer_address 
) [pure virtual]

Update the identity address of the peer.

Parameters:
[in]db_entryhandle of the entry being updated.
[in]address_is_publicis the identity address public or private
[in]peer_addressthe new address

Implemented in MemorySecurityDb.

virtual void set_entry_peer_csrk ( entry_handle_t  db_entry,
const csrk_t &  csrk 
) [pure virtual]

Update peer signing key.

Parameters:
[in]db_entryhandle of the entry being updated.
[in]csrknew CSRK value

Implemented in MemorySecurityDb.

virtual void set_entry_peer_ediv_rand ( entry_handle_t  db_entry,
const ediv_t ediv,
const rand_t &  rand 
) [pure virtual]

Update EDIV and RAND used to identify the LTK sent by the peer.

Parameters:
[in]db_entryhandle of the entry being updated.
[in]edivnew EDIV value
[in]randnew RAND value

Implemented in MemorySecurityDb.

virtual void set_entry_peer_irk ( entry_handle_t  db_entry,
const irk_t irk 
) [pure virtual]

Update IRK for this connection.

Parameters:
[in]db_entryhandle of the entry being updated.
[in]irknew IRK value

Implemented in MemorySecurityDb.

virtual void set_entry_peer_ltk ( entry_handle_t  db_entry,
const ltk_t &  ltk 
) [pure virtual]

Save new LTK received from the peer.

Parameters:
[in]db_entryhandle of the entry being updated.
[in]ltkthe new LTK, if the peer device is slave, this is the LTK that will be used when link is encrypted

Implemented in MemorySecurityDb.

virtual void set_local_csrk ( const csrk_t &  csrk ) [pure virtual]

Update local signing key.

Parameters:
[in]csrknew CSRK value

Implemented in MemorySecurityDb.

virtual void set_public_key ( const public_key_coord_t public_key_x,
const public_key_coord_t public_key_y 
) [pure virtual]

Set local public key.

Parameters:
[in]public_key_xnew public key value of the x coordinate
[in]public_key_ynew public key value of the y coordinate

Implemented in MemorySecurityDb.

virtual void set_restore ( bool  reload ) [pure virtual]

Toggle whether values should be preserved across resets.

Parameters:
[in]reloadif true values will be preserved across resets.

Implemented in MemorySecurityDb.

virtual void set_whitelist ( const ::Gap::Whitelist_t whitelist ) [pure virtual]

Update the whitelist stored in NVM by replacing it with new one.

Parameters:
[in]whitelist

Implemented in MemorySecurityDb.

virtual void sync (  ) [pure virtual]

Flush all values which might be stored in memory into NVM.

Implemented in MemorySecurityDb.