Michael Galis
/
nRF51822
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of
nRF51822
by 
Nordic Semiconductor
TARGET_MCU_NRF51822/source/nRF5xSecurityManager.h@638:c90ae1400bf2, 2016-09-14 (annotated)
- Committer:
- Vincent Coubard
- Date:
- Wed Sep 14 14:39:43 2016 +0100
- Revision:
- 638:c90ae1400bf2
Sync with bdab10dc0f90748b6989c8b577771bb403ca6bd8 from ARMmbed/mbed-os.
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| Vincent Coubard |
638:c90ae1400bf2 | 1 | /* mbed Microcontroller Library |
| Vincent Coubard |
638:c90ae1400bf2 | 2 | * Copyright (c) 2006-2013 ARM Limited |
| Vincent Coubard |
638:c90ae1400bf2 | 3 | * |
| Vincent Coubard |
638:c90ae1400bf2 | 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| Vincent Coubard |
638:c90ae1400bf2 | 5 | * you may not use this file except in compliance with the License. |
| Vincent Coubard |
638:c90ae1400bf2 | 6 | * You may obtain a copy of the License at |
| Vincent Coubard |
638:c90ae1400bf2 | 7 | * |
| Vincent Coubard |
638:c90ae1400bf2 | 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| Vincent Coubard |
638:c90ae1400bf2 | 9 | * |
| Vincent Coubard |
638:c90ae1400bf2 | 10 | * Unless required by applicable law or agreed to in writing, software |
| Vincent Coubard |
638:c90ae1400bf2 | 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| Vincent Coubard |
638:c90ae1400bf2 | 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| Vincent Coubard |
638:c90ae1400bf2 | 13 | * See the License for the specific language governing permissions and |
| Vincent Coubard |
638:c90ae1400bf2 | 14 | * limitations under the License. |
| Vincent Coubard |
638:c90ae1400bf2 | 15 | */ |
| Vincent Coubard |
638:c90ae1400bf2 | 16 | |
| Vincent Coubard |
638:c90ae1400bf2 | 17 | #ifndef __NRF51822_SECURITY_MANAGER_H__ |
| Vincent Coubard |
638:c90ae1400bf2 | 18 | #define __NRF51822_SECURITY_MANAGER_H__ |
| Vincent Coubard |
638:c90ae1400bf2 | 19 | |
| Vincent Coubard |
638:c90ae1400bf2 | 20 | #include <stddef.h> |
| Vincent Coubard |
638:c90ae1400bf2 | 21 | |
| Vincent Coubard |
638:c90ae1400bf2 | 22 | #include "nRF5xGap.h" |
| Vincent Coubard |
638:c90ae1400bf2 | 23 | #include "ble/SecurityManager.h" |
| Vincent Coubard |
638:c90ae1400bf2 | 24 | #include "btle_security.h" |
| Vincent Coubard |
638:c90ae1400bf2 | 25 | |
| Vincent Coubard |
638:c90ae1400bf2 | 26 | class nRF5xSecurityManager : public SecurityManager |
| Vincent Coubard |
638:c90ae1400bf2 | 27 | { |
| Vincent Coubard |
638:c90ae1400bf2 | 28 | public: |
| Vincent Coubard |
638:c90ae1400bf2 | 29 | /* Functions that must be implemented from SecurityManager */ |
| Vincent Coubard |
638:c90ae1400bf2 | 30 | virtual ble_error_t init(bool enableBonding, |
| Vincent Coubard |
638:c90ae1400bf2 | 31 | bool requireMITM, |
| Vincent Coubard |
638:c90ae1400bf2 | 32 | SecurityIOCapabilities_t iocaps, |
| Vincent Coubard |
638:c90ae1400bf2 | 33 | const Passkey_t passkey) { |
| Vincent Coubard |
638:c90ae1400bf2 | 34 | return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey); |
| Vincent Coubard |
638:c90ae1400bf2 | 35 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 36 | |
| Vincent Coubard |
638:c90ae1400bf2 | 37 | virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) { |
| Vincent Coubard |
638:c90ae1400bf2 | 38 | return btle_getLinkSecurity(connectionHandle, securityStatusP); |
| Vincent Coubard |
638:c90ae1400bf2 | 39 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 40 | |
| Vincent Coubard |
638:c90ae1400bf2 | 41 | virtual ble_error_t setLinkSecurity(Gap::Handle_t connectionHandle, SecurityMode_t securityMode) { |
| Vincent Coubard |
638:c90ae1400bf2 | 42 | return btle_setLinkSecurity(connectionHandle, securityMode); |
| Vincent Coubard |
638:c90ae1400bf2 | 43 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 44 | |
| Vincent Coubard |
638:c90ae1400bf2 | 45 | virtual ble_error_t purgeAllBondingState(void) { |
| Vincent Coubard |
638:c90ae1400bf2 | 46 | return btle_purgeAllBondingState(); |
| Vincent Coubard |
638:c90ae1400bf2 | 47 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 48 | |
| Vincent Coubard |
638:c90ae1400bf2 | 49 | /** |
| Vincent Coubard |
638:c90ae1400bf2 | 50 | * @brief Returns a list of addresses from peers in the stacks bond table. |
| Vincent Coubard |
638:c90ae1400bf2 | 51 | * |
| Vincent Coubard |
638:c90ae1400bf2 | 52 | * @param[in/out] addresses |
| Vincent Coubard |
638:c90ae1400bf2 | 53 | * (on input) @ref Gap::Whitelist_t structure where at |
| Vincent Coubard |
638:c90ae1400bf2 | 54 | * most addresses.capacity addresses from bonded peers will |
| Vincent Coubard |
638:c90ae1400bf2 | 55 | * be stored. |
| Vincent Coubard |
638:c90ae1400bf2 | 56 | * (on output) A copy of the addresses from bonded peers. |
| Vincent Coubard |
638:c90ae1400bf2 | 57 | * |
| Vincent Coubard |
638:c90ae1400bf2 | 58 | * @return |
| Vincent Coubard |
638:c90ae1400bf2 | 59 | * BLE_ERROR_NONE if successful. |
| Vincent Coubard |
638:c90ae1400bf2 | 60 | */ |
| Vincent Coubard |
638:c90ae1400bf2 | 61 | virtual ble_error_t getAddressesFromBondTable(Gap::Whitelist_t &addresses) const { |
| Vincent Coubard |
638:c90ae1400bf2 | 62 | uint8_t i; |
| Vincent Coubard |
638:c90ae1400bf2 | 63 | |
| Vincent Coubard |
638:c90ae1400bf2 | 64 | ble_gap_whitelist_t whitelistFromBondTable; |
| Vincent Coubard |
638:c90ae1400bf2 | 65 | ble_gap_addr_t *addressPtr[YOTTA_CFG_WHITELIST_MAX_SIZE]; |
| Vincent Coubard |
638:c90ae1400bf2 | 66 | ble_gap_irk_t *irkPtr[YOTTA_CFG_IRK_TABLE_MAX_SIZE]; |
| Vincent Coubard |
638:c90ae1400bf2 | 67 | |
| Vincent Coubard |
638:c90ae1400bf2 | 68 | /* Initialize the structure so that we get as many addreses as the whitelist can hold */ |
| Vincent Coubard |
638:c90ae1400bf2 | 69 | whitelistFromBondTable.addr_count = YOTTA_CFG_IRK_TABLE_MAX_SIZE; |
| Vincent Coubard |
638:c90ae1400bf2 | 70 | whitelistFromBondTable.pp_addrs = addressPtr; |
| Vincent Coubard |
638:c90ae1400bf2 | 71 | whitelistFromBondTable.irk_count = YOTTA_CFG_IRK_TABLE_MAX_SIZE; |
| Vincent Coubard |
638:c90ae1400bf2 | 72 | whitelistFromBondTable.pp_irks = irkPtr; |
| Vincent Coubard |
638:c90ae1400bf2 | 73 | |
| Vincent Coubard |
638:c90ae1400bf2 | 74 | ble_error_t error = createWhitelistFromBondTable(whitelistFromBondTable); |
| Vincent Coubard |
638:c90ae1400bf2 | 75 | if (error != BLE_ERROR_NONE) { |
| Vincent Coubard |
638:c90ae1400bf2 | 76 | addresses.size = 0; |
| Vincent Coubard |
638:c90ae1400bf2 | 77 | return error; |
| Vincent Coubard |
638:c90ae1400bf2 | 78 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 79 | |
| Vincent Coubard |
638:c90ae1400bf2 | 80 | /* Put all the addresses in the structure */ |
| Vincent Coubard |
638:c90ae1400bf2 | 81 | for (i = 0; i < whitelistFromBondTable.addr_count; ++i) { |
| Vincent Coubard |
638:c90ae1400bf2 | 82 | if (i >= addresses.capacity) { |
| Vincent Coubard |
638:c90ae1400bf2 | 83 | /* Ran out of space in the output Gap::Whitelist_t */ |
| Vincent Coubard |
638:c90ae1400bf2 | 84 | addresses.size = i; |
| Vincent Coubard |
638:c90ae1400bf2 | 85 | return BLE_ERROR_NONE; |
| Vincent Coubard |
638:c90ae1400bf2 | 86 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 87 | memcpy(&addresses.addresses[i], whitelistFromBondTable.pp_addrs[i], sizeof(BLEProtocol::Address_t)); |
| Vincent Coubard |
638:c90ae1400bf2 | 88 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 89 | |
| Vincent Coubard |
638:c90ae1400bf2 | 90 | /* Update the current address count */ |
| Vincent Coubard |
638:c90ae1400bf2 | 91 | addresses.size = i; |
| Vincent Coubard |
638:c90ae1400bf2 | 92 | |
| Vincent Coubard |
638:c90ae1400bf2 | 93 | /* The assumption here is that the underlying implementation of |
| Vincent Coubard |
638:c90ae1400bf2 | 94 | * createWhitelistFromBondTable() will not return the private resolvable |
| Vincent Coubard |
638:c90ae1400bf2 | 95 | * addresses (which is the case in the SoftDevice). Rather it returns the |
| Vincent Coubard |
638:c90ae1400bf2 | 96 | * IRKs, so we need to generate the private resolvable address by ourselves. |
| Vincent Coubard |
638:c90ae1400bf2 | 97 | */ |
| Vincent Coubard |
638:c90ae1400bf2 | 98 | for (i = 0; i < whitelistFromBondTable.irk_count; ++i) { |
| Vincent Coubard |
638:c90ae1400bf2 | 99 | if (i + addresses.size >= addresses.capacity) { |
| Vincent Coubard |
638:c90ae1400bf2 | 100 | /* Ran out of space in the output Gap::Whitelist_t */ |
| Vincent Coubard |
638:c90ae1400bf2 | 101 | addresses.size += i; |
| Vincent Coubard |
638:c90ae1400bf2 | 102 | return BLE_ERROR_NONE; |
| Vincent Coubard |
638:c90ae1400bf2 | 103 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 104 | btle_generateResolvableAddress( |
| Vincent Coubard |
638:c90ae1400bf2 | 105 | *whitelistFromBondTable.pp_irks[i], |
| Vincent Coubard |
638:c90ae1400bf2 | 106 | (ble_gap_addr_t &) addresses.addresses[i + addresses.size] |
| Vincent Coubard |
638:c90ae1400bf2 | 107 | ); |
| Vincent Coubard |
638:c90ae1400bf2 | 108 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 109 | |
| Vincent Coubard |
638:c90ae1400bf2 | 110 | /* Update the current address count */ |
| Vincent Coubard |
638:c90ae1400bf2 | 111 | addresses.size += i; |
| Vincent Coubard |
638:c90ae1400bf2 | 112 | |
| Vincent Coubard |
638:c90ae1400bf2 | 113 | return BLE_ERROR_NONE; |
| Vincent Coubard |
638:c90ae1400bf2 | 114 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 115 | |
| Vincent Coubard |
638:c90ae1400bf2 | 116 | /** |
| Vincent Coubard |
638:c90ae1400bf2 | 117 | * @brief Clear nRF5xSecurityManager's state. |
| Vincent Coubard |
638:c90ae1400bf2 | 118 | * |
| Vincent Coubard |
638:c90ae1400bf2 | 119 | * @return |
| Vincent Coubard |
638:c90ae1400bf2 | 120 | * BLE_ERROR_NONE if successful. |
| Vincent Coubard |
638:c90ae1400bf2 | 121 | */ |
| Vincent Coubard |
638:c90ae1400bf2 | 122 | virtual ble_error_t reset(void) |
| Vincent Coubard |
638:c90ae1400bf2 | 123 | { |
| Vincent Coubard |
638:c90ae1400bf2 | 124 | if (SecurityManager::reset() != BLE_ERROR_NONE) { |
| Vincent Coubard |
638:c90ae1400bf2 | 125 | return BLE_ERROR_INVALID_STATE; |
| Vincent Coubard |
638:c90ae1400bf2 | 126 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 127 | |
| Vincent Coubard |
638:c90ae1400bf2 | 128 | return BLE_ERROR_NONE; |
| Vincent Coubard |
638:c90ae1400bf2 | 129 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 130 | |
| Vincent Coubard |
638:c90ae1400bf2 | 131 | bool hasInitialized(void) const { |
| Vincent Coubard |
638:c90ae1400bf2 | 132 | return btle_hasInitializedSecurity(); |
| Vincent Coubard |
638:c90ae1400bf2 | 133 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 134 | |
| Vincent Coubard |
638:c90ae1400bf2 | 135 | public: |
| Vincent Coubard |
638:c90ae1400bf2 | 136 | /* |
| Vincent Coubard |
638:c90ae1400bf2 | 137 | * Allow instantiation from nRF5xn when required. |
| Vincent Coubard |
638:c90ae1400bf2 | 138 | */ |
| Vincent Coubard |
638:c90ae1400bf2 | 139 | friend class nRF5xn; |
| Vincent Coubard |
638:c90ae1400bf2 | 140 | |
| Vincent Coubard |
638:c90ae1400bf2 | 141 | nRF5xSecurityManager() { |
| Vincent Coubard |
638:c90ae1400bf2 | 142 | /* empty */ |
| Vincent Coubard |
638:c90ae1400bf2 | 143 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 144 | |
| Vincent Coubard |
638:c90ae1400bf2 | 145 | private: |
| Vincent Coubard |
638:c90ae1400bf2 | 146 | nRF5xSecurityManager(const nRF5xSecurityManager &); |
| Vincent Coubard |
638:c90ae1400bf2 | 147 | const nRF5xSecurityManager& operator=(const nRF5xSecurityManager &); |
| Vincent Coubard |
638:c90ae1400bf2 | 148 | |
| Vincent Coubard |
638:c90ae1400bf2 | 149 | /* |
| Vincent Coubard |
638:c90ae1400bf2 | 150 | * Expose an interface that allows us to query the SoftDevice bond table |
| Vincent Coubard |
638:c90ae1400bf2 | 151 | * and extract a whitelist. |
| Vincent Coubard |
638:c90ae1400bf2 | 152 | */ |
| Vincent Coubard |
638:c90ae1400bf2 | 153 | ble_error_t createWhitelistFromBondTable(ble_gap_whitelist_t &whitelistFromBondTable) const { |
| Vincent Coubard |
638:c90ae1400bf2 | 154 | return btle_createWhitelistFromBondTable(&whitelistFromBondTable); |
| Vincent Coubard |
638:c90ae1400bf2 | 155 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 156 | |
| Vincent Coubard |
638:c90ae1400bf2 | 157 | /* |
| Vincent Coubard |
638:c90ae1400bf2 | 158 | * Given a BLE address and a IRK this function check whether the address |
| Vincent Coubard |
638:c90ae1400bf2 | 159 | * can be generated from the IRK. To do so, this function uses the hash |
| Vincent Coubard |
638:c90ae1400bf2 | 160 | * function and algorithm described in the Bluetooth low Energy |
| Vincent Coubard |
638:c90ae1400bf2 | 161 | * Specification. Internally, Nordic SDK functions are used. |
| Vincent Coubard |
638:c90ae1400bf2 | 162 | */ |
| Vincent Coubard |
638:c90ae1400bf2 | 163 | bool matchAddressAndIrk(ble_gap_addr_t *address, ble_gap_irk_t *irk) const { |
| Vincent Coubard |
638:c90ae1400bf2 | 164 | return btle_matchAddressAndIrk(address, irk); |
| Vincent Coubard |
638:c90ae1400bf2 | 165 | } |
| Vincent Coubard |
638:c90ae1400bf2 | 166 | |
| Vincent Coubard |
638:c90ae1400bf2 | 167 | /* |
| Vincent Coubard |
638:c90ae1400bf2 | 168 | * Give nRF5xGap access to createWhitelistFromBondTable() and |
| Vincent Coubard |
638:c90ae1400bf2 | 169 | * matchAddressAndIrk() |
| Vincent Coubard |
638:c90ae1400bf2 | 170 | */ |
| Vincent Coubard |
638:c90ae1400bf2 | 171 | friend class nRF5xGap; |
| Vincent Coubard |
638:c90ae1400bf2 | 172 | }; |
| Vincent Coubard |
638:c90ae1400bf2 | 173 | |
| Vincent Coubard |
638:c90ae1400bf2 | 174 | #endif // ifndef __NRF51822_SECURITY_MANAGER_H__ |