nordic
Fork of nRF51822 by
source/btle/btle_security.cpp@526:d76f1c3f4599, 2015-12-02 (annotated)
- Committer:
- rgrover1
- Date:
- Wed Dec 02 13:14:17 2015 +0000
- Revision:
- 526:d76f1c3f4599
- Parent:
- 525:502e53732c75
- Child:
- 542:884f95bf5351
Synchronized with git rev a5a46f2f
Author: Rohit Grover
Release 2.0.7
=============
* Fix a bug in the assembly sequence that starts the Nordic bootloader. With
GCC, a MOV instruction was getting converted into an ADDS, which came with
an unwanted side-effect of updating the XPSR. We relocated the offending MOV
instruction such that it would not affect a conditional branch statement.
This would show only with GCC, and when jumping to the bootloader while in
handler mode.
* Fix hardfaults generated from the handling of Radio Notification events.
Radio notification events are interrupts generated at very high priority.
They have the potential to pre-empt other interrupt handling, causing race
conditions when interrupted handlers were involved in calling into BLE_API.
Radio-notification events should defer their callback handling to low-
priority handlers through the use of Tickers or Timeouts.
* Introduce watchdog header file from Nordic SDK 8.1.
* Update license headers to reflect the latest licenses from Nordic.
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
rgrover1 | 134:74079098b3c9 | 1 | /* mbed Microcontroller Library |
rgrover1 | 134:74079098b3c9 | 2 | * Copyright (c) 2006-2013 ARM Limited |
rgrover1 | 134:74079098b3c9 | 3 | * |
rgrover1 | 134:74079098b3c9 | 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
rgrover1 | 134:74079098b3c9 | 5 | * you may not use this file except in compliance with the License. |
rgrover1 | 134:74079098b3c9 | 6 | * You may obtain a copy of the License at |
rgrover1 | 134:74079098b3c9 | 7 | * |
rgrover1 | 134:74079098b3c9 | 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
rgrover1 | 134:74079098b3c9 | 9 | * |
rgrover1 | 134:74079098b3c9 | 10 | * Unless required by applicable law or agreed to in writing, software |
rgrover1 | 134:74079098b3c9 | 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
rgrover1 | 134:74079098b3c9 | 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
rgrover1 | 134:74079098b3c9 | 13 | * See the License for the specific language governing permissions and |
rgrover1 | 134:74079098b3c9 | 14 | * limitations under the License. |
rgrover1 | 134:74079098b3c9 | 15 | */ |
rgrover1 | 134:74079098b3c9 | 16 | |
rgrover1 | 134:74079098b3c9 | 17 | #include "btle.h" |
rgrover1 | 372:8f7d2137727a | 18 | |
rgrover1 | 394:0f7c5048efb3 | 19 | #include "nRF5xGap.h" |
rgrover1 | 394:0f7c5048efb3 | 20 | #include "nRF5xSecurityManager.h" |
rgrover1 | 372:8f7d2137727a | 21 | |
rgrover1 | 526:d76f1c3f4599 | 22 | extern "C" { |
rgrover1 | 526:d76f1c3f4599 | 23 | #include "pstorage.h" |
rgrover1 | 134:74079098b3c9 | 24 | #include "device_manager.h" |
rgrover1 | 526:d76f1c3f4599 | 25 | } |
rgrover1 | 526:d76f1c3f4599 | 26 | |
rgrover1 | 135:df7e7964a9c3 | 27 | #include "btle_security.h" |
rgrover1 | 134:74079098b3c9 | 28 | |
rgrover1 | 148:457a129dfa5e | 29 | static dm_application_instance_t applicationInstance; |
rgrover1 | 134:74079098b3c9 | 30 | static ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result); |
rgrover1 | 134:74079098b3c9 | 31 | |
rgrover1 | 134:74079098b3c9 | 32 | ble_error_t |
rgrover1 | 372:8f7d2137727a | 33 | btle_initializeSecurity(bool enableBonding, |
rgrover1 | 372:8f7d2137727a | 34 | bool requireMITM, |
rgrover1 | 372:8f7d2137727a | 35 | SecurityManager::SecurityIOCapabilities_t iocaps, |
rgrover1 | 372:8f7d2137727a | 36 | const SecurityManager::Passkey_t passkey) |
rgrover1 | 134:74079098b3c9 | 37 | { |
rgrover1 | 145:9d8fce4b4d5a | 38 | /* guard against multiple initializations */ |
rgrover1 | 145:9d8fce4b4d5a | 39 | static bool initialized = false; |
rgrover1 | 145:9d8fce4b4d5a | 40 | if (initialized) { |
rgrover1 | 145:9d8fce4b4d5a | 41 | return BLE_ERROR_NONE; |
rgrover1 | 145:9d8fce4b4d5a | 42 | } |
rgrover1 | 145:9d8fce4b4d5a | 43 | |
rgrover1 | 134:74079098b3c9 | 44 | if (pstorage_init() != NRF_SUCCESS) { |
rgrover1 | 134:74079098b3c9 | 45 | return BLE_ERROR_UNSPECIFIED; |
rgrover1 | 134:74079098b3c9 | 46 | } |
rgrover1 | 134:74079098b3c9 | 47 | |
rgrover1 | 151:44c40836c82f | 48 | ret_code_t rc; |
rgrover1 | 151:44c40836c82f | 49 | if (passkey) { |
rgrover1 | 151:44c40836c82f | 50 | ble_opt_t opts; |
rgrover1 | 151:44c40836c82f | 51 | opts.gap_opt.passkey.p_passkey = const_cast<uint8_t *>(passkey); |
rgrover1 | 151:44c40836c82f | 52 | if ((rc = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &opts)) != NRF_SUCCESS) { |
rgrover1 | 151:44c40836c82f | 53 | switch (rc) { |
rgrover1 | 151:44c40836c82f | 54 | case BLE_ERROR_INVALID_CONN_HANDLE: |
rgrover1 | 151:44c40836c82f | 55 | case NRF_ERROR_INVALID_ADDR: |
rgrover1 | 151:44c40836c82f | 56 | case NRF_ERROR_INVALID_PARAM: |
rgrover1 | 151:44c40836c82f | 57 | default: |
rgrover1 | 151:44c40836c82f | 58 | return BLE_ERROR_INVALID_PARAM; |
rgrover1 | 151:44c40836c82f | 59 | case NRF_ERROR_INVALID_STATE: |
rgrover1 | 151:44c40836c82f | 60 | return BLE_ERROR_INVALID_STATE; |
rgrover1 | 151:44c40836c82f | 61 | case NRF_ERROR_BUSY: |
rgrover1 | 151:44c40836c82f | 62 | return BLE_STACK_BUSY; |
rgrover1 | 151:44c40836c82f | 63 | } |
rgrover1 | 151:44c40836c82f | 64 | } |
rgrover1 | 151:44c40836c82f | 65 | } |
rgrover1 | 151:44c40836c82f | 66 | |
rgrover1 | 134:74079098b3c9 | 67 | dm_init_param_t dm_init_param = { |
rgrover1 | 134:74079098b3c9 | 68 | .clear_persistent_data = false /* Set to true in case the module should clear all persistent data. */ |
rgrover1 | 134:74079098b3c9 | 69 | }; |
rgrover1 | 134:74079098b3c9 | 70 | if (dm_init(&dm_init_param) != NRF_SUCCESS) { |
rgrover1 | 134:74079098b3c9 | 71 | return BLE_ERROR_UNSPECIFIED; |
rgrover1 | 134:74079098b3c9 | 72 | } |
rgrover1 | 134:74079098b3c9 | 73 | |
rgrover1 | 134:74079098b3c9 | 74 | const dm_application_param_t dm_param = { |
rgrover1 | 134:74079098b3c9 | 75 | .evt_handler = dm_handler, |
rgrover1 | 134:74079098b3c9 | 76 | .service_type = DM_PROTOCOL_CNTXT_GATT_CLI_ID, |
rgrover1 | 134:74079098b3c9 | 77 | .sec_param = { |
rgrover1 | 151:44c40836c82f | 78 | .bond = enableBonding,/**< Perform bonding. */ |
rgrover1 | 151:44c40836c82f | 79 | .mitm = requireMITM, /**< Man In The Middle protection required. */ |
rgrover1 | 151:44c40836c82f | 80 | .io_caps = iocaps, /**< IO capabilities, see @ref BLE_GAP_IO_CAPS. */ |
rgrover1 | 134:74079098b3c9 | 81 | .oob = 0, /**< Out Of Band data available. */ |
rgrover1 | 134:74079098b3c9 | 82 | .min_key_size = 16, /**< Minimum encryption key size in octets between 7 and 16. If 0 then not applicable in this instance. */ |
rgrover1 | 134:74079098b3c9 | 83 | .max_key_size = 16, /**< Maximum encryption key size in octets between min_key_size and 16. */ |
rgrover1 | 134:74079098b3c9 | 84 | .kdist_periph = { |
rgrover1 | 134:74079098b3c9 | 85 | .enc = 1, /**< Long Term Key and Master Identification. */ |
rgrover1 | 134:74079098b3c9 | 86 | .id = 1, /**< Identity Resolving Key and Identity Address Information. */ |
rgrover1 | 134:74079098b3c9 | 87 | .sign = 1, /**< Connection Signature Resolving Key. */ |
rgrover1 | 134:74079098b3c9 | 88 | }, /**< Key distribution bitmap: keys that the peripheral device will distribute. */ |
rgrover1 | 134:74079098b3c9 | 89 | } |
rgrover1 | 134:74079098b3c9 | 90 | }; |
rgrover1 | 134:74079098b3c9 | 91 | |
rgrover1 | 144:9d73e7f9f2bf | 92 | if ((rc = dm_register(&applicationInstance, &dm_param)) != NRF_SUCCESS) { |
rgrover1 | 144:9d73e7f9f2bf | 93 | switch (rc) { |
rgrover1 | 144:9d73e7f9f2bf | 94 | case NRF_ERROR_INVALID_STATE: |
rgrover1 | 144:9d73e7f9f2bf | 95 | return BLE_ERROR_INVALID_STATE; |
rgrover1 | 144:9d73e7f9f2bf | 96 | case NRF_ERROR_NO_MEM: |
rgrover1 | 144:9d73e7f9f2bf | 97 | return BLE_ERROR_NO_MEM; |
rgrover1 | 144:9d73e7f9f2bf | 98 | default: |
rgrover1 | 144:9d73e7f9f2bf | 99 | return BLE_ERROR_UNSPECIFIED; |
rgrover1 | 144:9d73e7f9f2bf | 100 | } |
rgrover1 | 134:74079098b3c9 | 101 | } |
rgrover1 | 134:74079098b3c9 | 102 | |
rgrover1 | 145:9d8fce4b4d5a | 103 | initialized = true; |
rgrover1 | 144:9d73e7f9f2bf | 104 | return BLE_ERROR_NONE; |
rgrover1 | 137:9bb49953de6a | 105 | } |
rgrover1 | 137:9bb49953de6a | 106 | |
rgrover1 | 137:9bb49953de6a | 107 | ble_error_t |
rgrover1 | 141:3a5282e3f30c | 108 | btle_purgeAllBondingState(void) |
rgrover1 | 137:9bb49953de6a | 109 | { |
rgrover1 | 137:9bb49953de6a | 110 | ret_code_t rc; |
rgrover1 | 138:aafab7b0a8bd | 111 | if ((rc = dm_device_delete_all(&applicationInstance)) == NRF_SUCCESS) { |
rgrover1 | 138:aafab7b0a8bd | 112 | return BLE_ERROR_NONE; |
rgrover1 | 138:aafab7b0a8bd | 113 | } |
rgrover1 | 137:9bb49953de6a | 114 | |
rgrover1 | 138:aafab7b0a8bd | 115 | switch (rc) { |
rgrover1 | 138:aafab7b0a8bd | 116 | case NRF_ERROR_INVALID_STATE: |
rgrover1 | 138:aafab7b0a8bd | 117 | return BLE_ERROR_INVALID_STATE; |
rgrover1 | 138:aafab7b0a8bd | 118 | case NRF_ERROR_NO_MEM: |
rgrover1 | 138:aafab7b0a8bd | 119 | return BLE_ERROR_NO_MEM; |
rgrover1 | 138:aafab7b0a8bd | 120 | default: |
rgrover1 | 138:aafab7b0a8bd | 121 | return BLE_ERROR_UNSPECIFIED; |
rgrover1 | 138:aafab7b0a8bd | 122 | } |
rgrover1 | 134:74079098b3c9 | 123 | } |
rgrover1 | 134:74079098b3c9 | 124 | |
rgrover1 | 139:750eca573e18 | 125 | ble_error_t |
rgrover1 | 372:8f7d2137727a | 126 | btle_getLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::LinkSecurityStatus_t *securityStatusP) |
rgrover1 | 139:750eca573e18 | 127 | { |
rgrover1 | 142:586e146a3903 | 128 | ret_code_t rc; |
rgrover1 | 149:a67b1b776aab | 129 | dm_handle_t dmHandle = { |
rgrover1 | 149:a67b1b776aab | 130 | .appl_id = applicationInstance, |
rgrover1 | 149:a67b1b776aab | 131 | }; |
rgrover1 | 139:750eca573e18 | 132 | if ((rc = dm_handle_get(connectionHandle, &dmHandle)) != NRF_SUCCESS) { |
rgrover1 | 139:750eca573e18 | 133 | if (rc == NRF_ERROR_NOT_FOUND) { |
rgrover1 | 139:750eca573e18 | 134 | return BLE_ERROR_INVALID_PARAM; |
rgrover1 | 139:750eca573e18 | 135 | } else { |
rgrover1 | 139:750eca573e18 | 136 | return BLE_ERROR_UNSPECIFIED; |
rgrover1 | 139:750eca573e18 | 137 | } |
rgrover1 | 139:750eca573e18 | 138 | } |
rgrover1 | 139:750eca573e18 | 139 | |
rgrover1 | 139:750eca573e18 | 140 | if ((rc = dm_security_status_req(&dmHandle, reinterpret_cast<dm_security_status_t *>(securityStatusP))) != NRF_SUCCESS) { |
rgrover1 | 139:750eca573e18 | 141 | switch (rc) { |
rgrover1 | 139:750eca573e18 | 142 | case NRF_ERROR_INVALID_STATE: |
rgrover1 | 139:750eca573e18 | 143 | return BLE_ERROR_INVALID_STATE; |
rgrover1 | 139:750eca573e18 | 144 | case NRF_ERROR_NO_MEM: |
rgrover1 | 139:750eca573e18 | 145 | return BLE_ERROR_NO_MEM; |
rgrover1 | 139:750eca573e18 | 146 | default: |
rgrover1 | 139:750eca573e18 | 147 | return BLE_ERROR_UNSPECIFIED; |
rgrover1 | 139:750eca573e18 | 148 | } |
rgrover1 | 139:750eca573e18 | 149 | } |
rgrover1 | 139:750eca573e18 | 150 | |
rgrover1 | 139:750eca573e18 | 151 | return BLE_ERROR_NONE; |
rgrover1 | 139:750eca573e18 | 152 | } |
rgrover1 | 139:750eca573e18 | 153 | |
rgrover1 | 134:74079098b3c9 | 154 | ret_code_t |
rgrover1 | 134:74079098b3c9 | 155 | dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result) |
rgrover1 | 134:74079098b3c9 | 156 | { |
rgrover1 | 134:74079098b3c9 | 157 | switch (p_event->event_id) { |
rgrover1 | 153:0e74b7590ab2 | 158 | case DM_EVT_SECURITY_SETUP: /* started */ { |
rgrover1 | 153:0e74b7590ab2 | 159 | const ble_gap_sec_params_t *peerParams = &p_event->event_param.p_gap_param->params.sec_params_request.peer_params; |
rgrover1 | 394:0f7c5048efb3 | 160 | nRF5xSecurityManager::getInstance().processSecuritySetupInitiatedEvent(p_event->event_param.p_gap_param->conn_handle, |
rgrover1 | 372:8f7d2137727a | 161 | peerParams->bond, |
rgrover1 | 372:8f7d2137727a | 162 | peerParams->mitm, |
rgrover1 | 372:8f7d2137727a | 163 | (SecurityManager::SecurityIOCapabilities_t)peerParams->io_caps); |
rgrover1 | 134:74079098b3c9 | 164 | break; |
rgrover1 | 153:0e74b7590ab2 | 165 | } |
rgrover1 | 134:74079098b3c9 | 166 | case DM_EVT_SECURITY_SETUP_COMPLETE: |
rgrover1 | 394:0f7c5048efb3 | 167 | nRF5xSecurityManager::getInstance(). |
rgrover1 | 372:8f7d2137727a | 168 | processSecuritySetupCompletedEvent(p_event->event_param.p_gap_param->conn_handle, |
rgrover1 | 372:8f7d2137727a | 169 | (SecurityManager::SecurityCompletionStatus_t)(p_event->event_param.p_gap_param->params.auth_status.auth_status)); |
rgrover1 | 134:74079098b3c9 | 170 | break; |
rgrover1 | 159:ad708a3d7ad7 | 171 | case DM_EVT_LINK_SECURED: { |
rgrover1 | 159:ad708a3d7ad7 | 172 | unsigned securityMode = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.sm; |
rgrover1 | 159:ad708a3d7ad7 | 173 | unsigned level = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.lv; |
rgrover1 | 372:8f7d2137727a | 174 | SecurityManager::SecurityMode_t resolvedSecurityMode = SecurityManager::SECURITY_MODE_NO_ACCESS; |
rgrover1 | 159:ad708a3d7ad7 | 175 | switch (securityMode) { |
rgrover1 | 159:ad708a3d7ad7 | 176 | case 1: |
rgrover1 | 159:ad708a3d7ad7 | 177 | switch (level) { |
rgrover1 | 159:ad708a3d7ad7 | 178 | case 1: |
rgrover1 | 372:8f7d2137727a | 179 | resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK; |
rgrover1 | 159:ad708a3d7ad7 | 180 | break; |
rgrover1 | 159:ad708a3d7ad7 | 181 | case 2: |
rgrover1 | 372:8f7d2137727a | 182 | resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM; |
rgrover1 | 159:ad708a3d7ad7 | 183 | break; |
rgrover1 | 159:ad708a3d7ad7 | 184 | case 3: |
rgrover1 | 372:8f7d2137727a | 185 | resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM; |
rgrover1 | 159:ad708a3d7ad7 | 186 | break; |
rgrover1 | 159:ad708a3d7ad7 | 187 | } |
rgrover1 | 159:ad708a3d7ad7 | 188 | break; |
rgrover1 | 159:ad708a3d7ad7 | 189 | case 2: |
rgrover1 | 159:ad708a3d7ad7 | 190 | switch (level) { |
rgrover1 | 159:ad708a3d7ad7 | 191 | case 1: |
rgrover1 | 372:8f7d2137727a | 192 | resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_NO_MITM; |
rgrover1 | 159:ad708a3d7ad7 | 193 | break; |
rgrover1 | 159:ad708a3d7ad7 | 194 | case 2: |
rgrover1 | 372:8f7d2137727a | 195 | resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM; |
rgrover1 | 159:ad708a3d7ad7 | 196 | break; |
rgrover1 | 159:ad708a3d7ad7 | 197 | } |
rgrover1 | 159:ad708a3d7ad7 | 198 | break; |
rgrover1 | 159:ad708a3d7ad7 | 199 | } |
rgrover1 | 159:ad708a3d7ad7 | 200 | |
rgrover1 | 394:0f7c5048efb3 | 201 | nRF5xSecurityManager::getInstance().processLinkSecuredEvent(p_event->event_param.p_gap_param->conn_handle, resolvedSecurityMode); |
rgrover1 | 134:74079098b3c9 | 202 | break; |
rgrover1 | 159:ad708a3d7ad7 | 203 | } |
rgrover1 | 134:74079098b3c9 | 204 | case DM_EVT_DEVICE_CONTEXT_STORED: |
rgrover1 | 394:0f7c5048efb3 | 205 | nRF5xSecurityManager::getInstance().processSecurityContextStoredEvent(p_event->event_param.p_gap_param->conn_handle); |
rgrover1 | 134:74079098b3c9 | 206 | break; |
rgrover1 | 134:74079098b3c9 | 207 | default: |
rgrover1 | 134:74079098b3c9 | 208 | break; |
rgrover1 | 134:74079098b3c9 | 209 | } |
rgrover1 | 134:74079098b3c9 | 210 | |
rgrover1 | 134:74079098b3c9 | 211 | return NRF_SUCCESS; |
rgrover1 | 134:74079098b3c9 | 212 | } |