Michael Galis / nRF51822

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Fork of nRF51822 by Nordic Semiconductor

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers nRF5xSecurityManager.h Source File

nRF5xSecurityManager.h

00001 /* mbed Microcontroller Library
00002  * Copyright (c) 2006-2013 ARM Limited
00003  *
00004  * Licensed under the Apache License, Version 2.0 (the "License");
00005  * you may not use this file except in compliance with the License.
00006  * You may obtain a copy of the License at
00007  *
00008  *     http://www.apache.org/licenses/LICENSE-2.0
00009  *
00010  * Unless required by applicable law or agreed to in writing, software
00011  * distributed under the License is distributed on an "AS IS" BASIS,
00012  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00013  * See the License for the specific language governing permissions and
00014  * limitations under the License.
00015  */
00016 
00017 #ifndef __NRF51822_SECURITY_MANAGER_H__
00018 #define __NRF51822_SECURITY_MANAGER_H__
00019 
00020 #include <stddef.h>
00021 
00022 #include "nRF5xGap.h"
00023 #include "ble/SecurityManager.h"
00024 #include "btle_security.h"
00025 
00026 class nRF5xSecurityManager : public SecurityManager
00027 {
00028 public:
00029     /* Functions that must be implemented from SecurityManager */
00030     virtual ble_error_t init(bool                     enableBonding,
00031                              bool                     requireMITM,
00032                              SecurityIOCapabilities_t iocaps,
00033                              const Passkey_t          passkey) {
00034         return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey);
00035     }
00036 
00037     virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) {
00038         return btle_getLinkSecurity(connectionHandle, securityStatusP);
00039     }
00040 
00041     virtual ble_error_t setLinkSecurity(Gap::Handle_t connectionHandle, SecurityMode_t securityMode) {
00042         return btle_setLinkSecurity(connectionHandle, securityMode);
00043     }
00044 
00045     virtual ble_error_t purgeAllBondingState(void) {
00046         return btle_purgeAllBondingState();
00047     }
00048 
00049     /**
00050      * @brief  Returns a list of addresses from peers in the stacks bond table.
00051      *
00052      * @param[in/out]   addresses
00053      *                  (on input) @ref Gap::Whitelist_t structure where at
00054      *                  most addresses.capacity addresses from bonded peers will
00055      *                  be stored.
00056      *                  (on output) A copy of the addresses from bonded peers.
00057      *
00058      * @return
00059      *           BLE_ERROR_NONE if successful.
00060      */
00061     virtual ble_error_t getAddressesFromBondTable(Gap::Whitelist_t &addresses) const {
00062         uint8_t i;
00063 
00064         ble_gap_whitelist_t  whitelistFromBondTable;
00065         ble_gap_addr_t      *addressPtr[YOTTA_CFG_WHITELIST_MAX_SIZE];
00066         ble_gap_irk_t       *irkPtr[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
00067 
00068         /* Initialize the structure so that we get as many addreses as the whitelist can hold */
00069         whitelistFromBondTable.addr_count = YOTTA_CFG_IRK_TABLE_MAX_SIZE;
00070         whitelistFromBondTable.pp_addrs   = addressPtr;
00071         whitelistFromBondTable.irk_count  = YOTTA_CFG_IRK_TABLE_MAX_SIZE;
00072         whitelistFromBondTable.pp_irks    = irkPtr;
00073 
00074         ble_error_t error = createWhitelistFromBondTable(whitelistFromBondTable);
00075         if (error != BLE_ERROR_NONE) {
00076             addresses.size = 0;
00077             return error;
00078         }
00079 
00080         /* Put all the addresses in the structure */
00081         for (i = 0; i < whitelistFromBondTable.addr_count; ++i) {
00082             if (i >= addresses.capacity) {
00083                 /* Ran out of space in the output Gap::Whitelist_t */
00084                 addresses.size = i;
00085                 return BLE_ERROR_NONE;
00086             }
00087             memcpy(&addresses.addresses[i], whitelistFromBondTable.pp_addrs[i], sizeof(BLEProtocol::Address_t));
00088         }
00089 
00090         /* Update the current address count */
00091         addresses.size = i;
00092 
00093         /* The assumption here is that the underlying implementation of
00094          * createWhitelistFromBondTable()  will not return the private resolvable
00095          * addresses (which is the case in the SoftDevice). Rather it returns the
00096          * IRKs, so we need to generate the private resolvable address by ourselves.
00097          */
00098         for (i = 0; i < whitelistFromBondTable.irk_count; ++i) {
00099             if (i + addresses.size >= addresses.capacity) {
00100                 /* Ran out of space in the output Gap::Whitelist_t */
00101                 addresses.size += i;
00102                 return BLE_ERROR_NONE;
00103             }
00104             btle_generateResolvableAddress(
00105                 *whitelistFromBondTable.pp_irks[i],
00106                 (ble_gap_addr_t &) addresses.addresses[i + addresses.size]
00107             );
00108         }
00109 
00110         /* Update the current address count */
00111         addresses.size += i;
00112 
00113         return BLE_ERROR_NONE;
00114     }
00115 
00116     /**
00117      * @brief  Clear nRF5xSecurityManager's state.
00118      *
00119      * @return
00120      *           BLE_ERROR_NONE if successful.
00121      */
00122     virtual ble_error_t reset(void)
00123     {
00124         if (SecurityManager::reset() != BLE_ERROR_NONE) {
00125             return BLE_ERROR_INVALID_STATE;
00126         }
00127 
00128         return BLE_ERROR_NONE;
00129     }
00130 
00131     bool hasInitialized(void) const {
00132         return btle_hasInitializedSecurity();
00133     }
00134 
00135 public:
00136     /*
00137      * Allow instantiation from nRF5xn when required.
00138      */
00139     friend class nRF5xn;
00140 
00141     nRF5xSecurityManager() {
00142         /* empty */
00143     }
00144 
00145 private:
00146     nRF5xSecurityManager(const nRF5xSecurityManager &);
00147     const nRF5xSecurityManager& operator=(const nRF5xSecurityManager &);
00148 
00149     /*
00150      * Expose an interface that allows us to query the SoftDevice bond table
00151      * and extract a whitelist.
00152      */
00153     ble_error_t createWhitelistFromBondTable(ble_gap_whitelist_t &whitelistFromBondTable) const {
00154         return btle_createWhitelistFromBondTable(&whitelistFromBondTable);
00155     }
00156 
00157     /*
00158      * Given a BLE address and a IRK this function check whether the address
00159      * can be generated from the IRK. To do so, this function uses the hash
00160      * function and algorithm described in the Bluetooth low Energy
00161      * Specification. Internally, Nordic SDK functions are used.
00162      */
00163     bool matchAddressAndIrk(ble_gap_addr_t *address, ble_gap_irk_t *irk) const {
00164         return btle_matchAddressAndIrk(address, irk);
00165     }
00166 
00167     /*
00168      * Give nRF5xGap access to createWhitelistFromBondTable() and
00169      * matchAddressAndIrk()
00170      */
00171     friend class nRF5xGap;
00172 };
00173 
00174 #endif // ifndef __NRF51822_SECURITY_MANAGER_H__