PBL mbed final
Fork of nRF51822 by
Revision 558:c4b56f9d6f3b, committed 2016-01-11
- Committer:
- vcoubard
- Date:
- Mon Jan 11 10:19:13 2016 +0000
- Parent:
- 557:e4218a32be51
- Child:
- 559:13204d7ef420
- Commit message:
- Synchronized with git rev b2cb5663
Author: Marcus Chang
Added SecurityManager::setLinkSecurity call for elevating security settings on a particular connection.
Changed in this revision
--- a/source/btle/btle_security.cpp Mon Jan 11 10:19:13 2016 +0000 +++ b/source/btle/btle_security.cpp Mon Jan 11 10:19:13 2016 +0000 @@ -29,6 +29,21 @@ static dm_application_instance_t applicationInstance; static ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result); +// default security parameters +static ble_gap_sec_params_t securityParameters = { + .bond = true, /**< Perform bonding. */ + .mitm = true, /**< Man In The Middle protection required. */ + .io_caps = SecurityManager::IO_CAPS_NONE, /**< IO capabilities, see @ref BLE_GAP_IO_CAPS. */ + .oob = 0, /**< Out Of Band data available. */ + .min_key_size = 16, /**< Minimum encryption key size in octets between 7 and 16. If 0 then not applicable in this instance. */ + .max_key_size = 16, /**< Maximum encryption key size in octets between min_key_size and 16. */ + .kdist_periph = { + .enc = 1, /**< Long Term Key and Master Identification. */ + .id = 1, /**< Identity Resolving Key and Identity Address Information. */ + .sign = 1, /**< Connection Signature Resolving Key. */ + }, /**< Key distribution bitmap: keys that the peripheral device will distribute. */ +}; + ble_error_t btle_initializeSecurity(bool enableBonding, bool requireMITM, 
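Review bot: The comment `// default security parameters` does not say that `securityParameters` is mutable file-scope state, which the later hunks of this commit overwrite in btle_initializeSecurity and copy as the starting point in btle_setLinkSecurity. I would state that directly, e.g. `// Security parameters shared by btle_initializeSecurity() and btle_setLinkSecurity(); the initializer is only the pre-init default.` The initializer also pairs `.mitm = true` with `IO_CAPS_NONE` and `.oob = 0`. With no IO capability and no OOB data a BLE pairing normally cannot be authenticated, so it is worth confirming how the stack treats this combination if it is ever used before initialization.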
@@ -71,22 +86,15 @@ return BLE_ERROR_UNSPECIFIED; } + // update default security parameters with function call parameters + securityParameters.bond = enableBonding; + securityParameters.mitm = requireMITM; + securityParameters.io_caps = iocaps; + const dm_application_param_t dm_param = { .evt_handler = dm_handler, .service_type = DM_PROTOCOL_CNTXT_GATT_CLI_ID, - .sec_param = { - .bond = enableBonding,/**< Perform bonding. */ - .mitm = requireMITM, /**< Man In The Middle protection required. */ - .io_caps = iocaps, /**< IO capabilities, see @ref BLE_GAP_IO_CAPS. */ - .oob = 0, /**< Out Of Band data available. */ - .min_key_size = 16, /**< Minimum encryption key size in octets between 7 and 16. If 0 then not applicable in this instance. */ - .max_key_size = 16, /**< Maximum encryption key size in octets between min_key_size and 16. */ - .kdist_periph = { - .enc = 1, /**< Long Term Key and Master Identification. */ - .id = 1, /**< Identity Resolving Key and Identity Address Information. */ - .sign = 1, /**< Connection Signature Resolving Key. */ - }, /**< Key distribution bitmap: keys that the peripheral device will distribute. */ - } + .sec_param = securityParameters }; if ((rc = dm_register(&applicationInstance, &dm_param)) != NRF_SUCCESS) { 
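Review bot: The three assignments to `securityParameters` run before `dm_register` is attempted, so if registration fails (the error branch starts right after this hunk) the file-scope values have already changed although nothing was registered with them. A later btle_setLinkSecurity call would then start from settings the Device Manager never accepted. Building a local `ble_gap_sec_params_t`, passing it as `.sec_param`, and copying it into `securityParameters` only after `dm_register` returns `NRF_SUCCESS` would keep the stored state equal to what is in force. The body of btle_initializeSecurity begins and ends outside this hunk, so any earlier guard or early return is not visible here.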
@@ -151,6 +159,48 @@ return BLE_ERROR_NONE; } +ble_error_t +btle_setLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::SecurityMode_t securityMode) +{ + // use default and updated parameters as starting point + // and modify structure based on security mode. + ble_gap_sec_params_t params = securityParameters; + + switch (securityMode) { + case SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK: + /**< Require no protection, open link. */ + securityParameters.bond = false; + securityParameters.mitm = false; + break; + + case SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM: + /**< Require encryption, but no MITM protection. */ + securityParameters.bond = true; + securityParameters.mitm = false; + break; + + // not yet implemented security modes + case SecurityManager::SECURITY_MODE_NO_ACCESS: + case SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM: + /**< Require encryption and MITM protection. */ + case SecurityManager::SECURITY_MODE_SIGNED_NO_MITM: + /**< Require signing or encryption, but no MITM protection. */ + case SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM: + /**< Require signing or encryption, and MITM protection. */ + default: + return BLE_ERROR_NOT_IMPLEMENTED; + } + + // update security settings for given connection + uint32_t result = sd_ble_gap_authenticate(connectionHandle, ¶ms); + + if (result == NRF_SUCCESS) { + return BLE_ERROR_NONE; + } else { + return BLE_ERROR_UNSPECIFIED; + } +} + ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result) {
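Review bot: In btle_setLinkSecurity the `switch` assigns to the file-scope `securityParameters` instead of the local copy `params`, so the structure passed to `sd_ble_gap_authenticate` never reflects the requested mode and every call permanently rewrites the defaults used afterwards. For `SECURITY_MODE_ENCRYPTION_OPEN_LINK` this means a request made for one connection clears `.bond` and `.mitm` for all later ones, a security downgrade the caller did not ask for. Both cases should write to the local, e.g. `params.bond = true;` and `params.mitm = false;`, leaving `securityParameters` untouched. `SECURITY_MODE_ENCRYPTION_WITH_MITM` falls through to `BLE_ERROR_NOT_IMPLEMENTED`, so this call cannot yet raise a link to authenticated pairing, and callers should treat that return as a failure rather than proceed on the weaker link. The `¶ms` argument shown on this page is presumably `&params` mangled by HTML entity decoding.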
--- a/source/btle/btle_security.h Mon Jan 11 10:19:13 2016 +0000 +++ b/source/btle/btle_security.h Mon Jan 11 10:19:13 2016 +0000 
@@ -1,65 +1,78 @@ -/* mbed Microcontroller Library - * Copyright (c) 2006-2013 ARM Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef _BTLE_SECURITY_H_ -#define _BTLE_SECURITY_H_ - -#include "ble/Gap.h" -#include "ble/SecurityManager.h" - -/** - * Enable Nordic's Device Manager, which brings in functionality from the - * stack's Security Manager. The Security Manager implements the actual - * cryptographic algorithms and protocol exchanges that allow two devices to - * securely exchange data and privately detect each other. - * - * @param[in] enableBonding Allow for bonding. - * @param[in] requireMITM Require protection for man-in-the-middle attacks. - * @param[in] iocaps To specify IO capabilities of this peripheral, - * such as availability of a display or keyboard to - * support out-of-band exchanges of security data. - * @param[in] passkey To specify a static passkey. - * - * @return BLE_ERROR_NONE on success. - */ -ble_error_t btle_initializeSecurity(bool enableBonding = true, - bool requireMITM = true, - SecurityManager::SecurityIOCapabilities_t iocaps = SecurityManager::IO_CAPS_NONE, - const SecurityManager::Passkey_t passkey = NULL); - -/** - * Get the security status of a link. - * - * @param[in] connectionHandle - * Handle to identify the connection. - * @param[out] securityStatusP - * security status. - * - * @return BLE_SUCCESS Or appropriate error code indicating reason for failure. 
- */ -ble_error_t btle_getLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::LinkSecurityStatus_t *securityStatusP); - -/** - * Function for deleting all peer device context and all related bonding - * information from the database. - * - * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure. - * @retval BLE_ERROR_INVALID_STATE If the API is called without module initialization and/or - * application registration. - */ -ble_error_t btle_purgeAllBondingState(void); - +/* mbed Microcontroller Library + * Copyright (c) 2006-2013 ARM Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _BTLE_SECURITY_H_ +#define _BTLE_SECURITY_H_ + +#include "ble/Gap.h" +#include "ble/SecurityManager.h" + +/** + * Enable Nordic's Device Manager, which brings in functionality from the + * stack's Security Manager. The Security Manager implements the actual + * cryptographic algorithms and protocol exchanges that allow two devices to + * securely exchange data and privately detect each other. + * + * @param[in] enableBonding Allow for bonding. + * @param[in] requireMITM Require protection for man-in-the-middle attacks. + * @param[in] iocaps To specify IO capabilities of this peripheral, + * such as availability of a display or keyboard to + * support out-of-band exchanges of security data. + * @param[in] passkey To specify a static passkey. + * + * @return BLE_ERROR_NONE on success. 
+ */ +ble_error_t btle_initializeSecurity(bool enableBonding = true, + bool requireMITM = true, + SecurityManager::SecurityIOCapabilities_t iocaps = SecurityManager::IO_CAPS_NONE, + const SecurityManager::Passkey_t passkey = NULL); + +/** + * Get the security status of a link. + * + * @param[in] connectionHandle + * Handle to identify the connection. + * @param[out] securityStatusP + * security status. + * + * @return BLE_ERROR_NONE Or appropriate error code indicating reason for failure. + */ +ble_error_t btle_getLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::LinkSecurityStatus_t *securityStatusP); + +/** + * Set the security mode on a connection. Useful for elevating the security mode + * once certain conditions are met, e.g., a particular service is found. + * + * @param[in] connectionHandle + * Handle to identify the connection. + * @param[in] securityMode + * security mode. + * + * @return BLE_ERROR_NONE Or appropriate error code indicating reason for failure. + */ +ble_error_t btle_setLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::SecurityMode_t securityMode); + +/** + * Function for deleting all peer device context and all related bonding + * information from the database. + * + * @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure. + * @retval BLE_ERROR_INVALID_STATE If the API is called without module initialization and/or + * application registration. + */ +ble_error_t btle_purgeAllBondingState(void); + #endif /* _BTLE_SECURITY_H_ */ \ No newline at end of file
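Review bot: The new doc comment on btle_setLinkSecurity presents it as a way of "elevating the security mode" but does not list which `SecurityMode_t` values are accepted. In the accompanying btle_security.cpp hunk only `SECURITY_MODE_ENCRYPTION_OPEN_LINK` and `SECURITY_MODE_ENCRYPTION_NO_MITM` are handled, and every other mode returns `BLE_ERROR_NOT_IMPLEMENTED`. I would add `@retval BLE_ERROR_NOT_IMPLEMENTED If securityMode is not one of the supported modes.` and `@retval BLE_ERROR_UNSPECIFIED If the authentication request is rejected.` so callers do not assume the MITM-protected modes work. The hunk replaces all 65 lines although only this declaration and the `BLE_SUCCESS` to `BLE_ERROR_NONE` wording differ, which looks like a line-ending change. The same applies to source/nRF5xSecurityManager.h, and committing without that churn would make the actual change easier to review.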
--- a/source/nRF5xSecurityManager.h Mon Jan 11 10:19:13 2016 +0000 +++ b/source/nRF5xSecurityManager.h Mon Jan 11 10:19:13 2016 +0000 
@@ -1,56 +1,60 @@ -/* mbed Microcontroller Library - * Copyright (c) 2006-2013 ARM Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __NRF51822_SECURITY_MANAGER_H__ -#define __NRF51822_SECURITY_MANAGER_H__ - -#include <stddef.h> - -#include "ble/SecurityManager.h" -#include "btle_security.h" - -class nRF5xSecurityManager : public SecurityManager -{ -public: - static nRF5xSecurityManager &getInstance(); - - /* Functions that must be implemented from SecurityManager */ - virtual ble_error_t init(bool enableBonding, - bool requireMITM, - SecurityIOCapabilities_t iocaps, - const Passkey_t passkey) { - return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey); - } - - virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) { - return btle_getLinkSecurity(connectionHandle, securityStatusP); - } - - virtual ble_error_t purgeAllBondingState(void) { - return btle_purgeAllBondingState(); - } - -public: - nRF5xSecurityManager() { - /* empty */ - } - -private: - nRF5xSecurityManager(const nRF5xSecurityManager &); - const nRF5xSecurityManager& operator=(const nRF5xSecurityManager &); -}; - +/* mbed Microcontroller Library + * Copyright (c) 2006-2013 ARM Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __NRF51822_SECURITY_MANAGER_H__ +#define __NRF51822_SECURITY_MANAGER_H__ + +#include <stddef.h> + +#include "ble/SecurityManager.h" +#include "btle_security.h" + +class nRF5xSecurityManager : public SecurityManager +{ +public: + static nRF5xSecurityManager &getInstance(); + + /* Functions that must be implemented from SecurityManager */ + virtual ble_error_t init(bool enableBonding, + bool requireMITM, + SecurityIOCapabilities_t iocaps, + const Passkey_t passkey) { + return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey); + } + + virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) { + return btle_getLinkSecurity(connectionHandle, securityStatusP); + } + + virtual ble_error_t setLinkSecurity(Gap::Handle_t connectionHandle, SecurityMode_t securityMode) { + return btle_setLinkSecurity(connectionHandle, securityMode); + } + + virtual ble_error_t purgeAllBondingState(void) { + return btle_purgeAllBondingState(); + } + +public: + nRF5xSecurityManager() { + /* empty */ + } + +private: + nRF5xSecurityManager(const nRF5xSecurityManager &); + const nRF5xSecurityManager& operator=(const nRF5xSecurityManager &); +}; + #endif // ifndef __NRF51822_SECURITY_MANAGER_H__ \ No newline at end of file