Nordic Semiconductor
Nordic stack and drivers for the mbed BLE API
Dependents: BLE_ANCS_SDAPI BLE_temperature BLE_HeartRate writable_gatt ... more
Revision 598:814c1ce92947, committed 2016-01-11
- Comitter:
- vcoubard
- Date:
- Mon Jan 11 10:19:35 2016 +0000
- Parent:
- 597:bcd5e287c494
- Child:
- 599:3e66e1eb264d
- Commit message:
- Synchronized with git rev c9b6bb9b
Author: Andres Amaya Garcia
Almost complete implementation of whitelisting API
Changed in this revision
--- a/source/btle/btle_security.cpp Mon Jan 11 10:19:35 2016 +0000
+++ b/source/btle/btle_security.cpp Mon Jan 11 10:19:35 2016 +0000
@@ -21,11 +21,13 @@
extern "C" {
#include "pstorage.h"
#include "device_manager.h"
+#include "id_manager.h"
}
#include "btle_security.h"
static dm_application_instance_t applicationInstance;
+static bool initialized = false;
static ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result);
// default security parameters
@@ -43,7 +45,7 @@
}, /**< Key distribution bitmap: keys that the peripheral device will distribute. */
};
-ble_error_t btle_createWhitelistFromBonds(ble_gap_whitelist_t *p_whitelist)
+ble_error_t btle_createWhitelistFromBondTable(ble_gap_whitelist_t *p_whitelist)
{
ret_code_t err = dm_whitelist_create(&applicationInstance, p_whitelist);
if (err == NRF_SUCCESS) {
@@ -55,6 +57,11 @@
}
}
+bool btle_hasInitializedSecurity(void)
+{
+ return initialized;
+}
+
ble_error_t
btle_initializeSecurity(bool enableBonding,
bool requireMITM,
@@ -62,7 +69,6 @@
const SecurityManager::Passkey_t passkey)
{
/* guard against multiple initializations */
- static bool initialized = false;
if (initialized) {
return BLE_ERROR_NONE;
}
@@ -273,4 +279,9 @@
}
return NRF_SUCCESS;
+}
+
+bool btle_matchAddressAndIrk(ble_gap_addr_t const * p_addr, ble_gap_irk_t const * p_irk)
+{
+ return im_address_resolve(p_addr, p_irk);
}
\ No newline at end of file
--- a/source/btle/btle_security.h Mon Jan 11 10:19:35 2016 +0000
+++ b/source/btle/btle_security.h Mon Jan 11 10:19:35 2016 +0000
@@ -40,7 +40,7 @@
SecurityManager::SecurityIOCapabilities_t iocaps = SecurityManager::IO_CAPS_NONE,
const SecurityManager::Passkey_t passkey = NULL);
-ble_error_t btle_createWhitelistFromBonds(ble_gap_whitelist_t *p_whitelist);
+ble_error_t btle_createWhitelistFromBondTable(ble_gap_whitelist_t *p_whitelist);
/**
* Get the security status of a link.
@@ -77,4 +77,8 @@
*/
ble_error_t btle_purgeAllBondingState(void);
+bool btle_hasInitializedSecurity(void);
+
+bool btle_matchAddressAndIrk(ble_gap_addr_t const * p_addr, ble_gap_irk_t const * p_irk);
+
#endif /* _BTLE_SECURITY_H_ */
\ No newline at end of file
--- a/source/nRF5xGap.cpp Mon Jan 11 10:19:35 2016 +0000
+++ b/source/nRF5xGap.cpp Mon Jan 11 10:19:35 2016 +0000
@@ -168,6 +168,18 @@
return BLE_ERROR_PARAM_OUT_OF_RANGE;
}
+ /* Add missing IRKs to whitelist from the bond table held by the SoftDevice */
+ if (advertisingPolicyMode != Gap::ADV_POLICY_IGNORE_WHITELIST) {
+ ble_error_t error = generateStackWhitelist();
+ if (error != BLE_ERROR_NONE) {
+ return error;
+ }
+ } else {
+ /* Reset the whitelist table to avoid any errors */
+ whitelist.addr_count = 0;
+ whitelist.irk_count = 0;
+ }
+
/* Start Advertising */
ble_gap_adv_params_t adv_para = {0};
@@ -185,6 +197,47 @@
return BLE_ERROR_NONE;
}
+/* Observer role is not supported by S110, return BLE_ERROR_NOT_IMPLEMENTED */
+#if !defined(TARGET_MCU_NRF51_16K_S110) && !defined(TARGET_MCU_NRF51_32K_S110)
+ble_error_t nRF5xGap::startRadioScan(const GapScanningParams &scanningParams) {
+
+ /* Add missing IRKs to whitelist from the bond table held by the SoftDevice */
+ if (scanningPolicyMode != Gap::SCAN_POLICY_IGNORE_WHITELIST) {
+ ble_error_t error = generateStackWhitelist();
+ if (error != BLE_ERROR_NONE) {
+ return error;
+ }
+ } else {
+ /* Reset the whitelist table to avoid any errors */
+ whitelist.addr_count = 0;
+ whitelist.irk_count = 0;
+ }
+
+ ble_gap_scan_params_t scanParams = {
+ .active = scanningParams.getActiveScanning(), /**< If 1, perform active scanning (scan requests). */
+ .selective = scanningPolicyMode, /**< If 1, ignore unknown devices (non whitelisted). */
+ .p_whitelist = &whitelist, /**< Pointer to whitelist, NULL if none is given. */
+ .interval = scanningParams.getInterval(), /**< Scan interval between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
+ .window = scanningParams.getWindow(), /**< Scan window between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
+ .timeout = scanningParams.getTimeout(), /**< Scan timeout between 0x0001 and 0xFFFF in seconds, 0x0000 disables timeout. */
+ };
+
+ if (sd_ble_gap_scan_start(&scanParams) != NRF_SUCCESS) {
+ return BLE_ERROR_PARAM_OUT_OF_RANGE;
+ }
+
+ return BLE_ERROR_NONE;
+}
+
+ble_error_t nRF5xGap::stopScan(void) {
+ if (sd_ble_gap_scan_stop() == NRF_SUCCESS) {
+ return BLE_ERROR_NONE;
+ }
+
+ return BLE_STACK_BUSY;
+}
+#endif
+
/**************************************************************************/
/*!
@brief Stops the BLE HW and disconnects from any devices
@@ -233,6 +286,18 @@
connParams.conn_sup_timeout = 600;
}
+ /* Add missing IRKs to whitelist from the bond table held by the SoftDevice */
+ if (scanningPolicyMode != Gap::SCAN_POLICY_IGNORE_WHITELIST) {
+ ble_error_t error = generateStackWhitelist();
+ if (error != BLE_ERROR_NONE) {
+ return error;
+ }
+ } else {
+ /* Reset the whitelist table to avoid any errors */
+ whitelist.addr_count = 0;
+ whitelist.irk_count = 0;
+ }
+
ble_gap_scan_params_t scanParams;
scanParams.selective = scanningPolicyMode; /**< If 1, ignore unknown devices (non whitelisted). */
scanParams.p_whitelist = &whitelist; /**< Pointer to whitelist, NULL if none is given. */
@@ -508,50 +573,58 @@
*countP = sizeof(permittedTxValues) / sizeof(int8_t);
}
-/////////////////////////WHITELISTING
-int8_t nRF5xGap::getMaxWhitelistSize(void) const
+uint8_t nRF5xGap::getMaxWhitelistSize(void) const
{
return YOTTA_CFG_WHITELIST_MAX_SIZE;
}
-ble_error_t nRF5xGap::getWhitelist(std::set<BLEProtocol::Address_t> &whitelist) const
+ble_error_t nRF5xGap::getWhitelist(Gap::Whitelist_t &whitelistOut) const
{
- for (uint8_t i = 0; i < whitelistAddressesSize; i++) {
- BLEProtocol::Address_t addr;//((BLEProtocol::AddressType_t)whitelistAddrs[i].addr_type, (BLEProtocol::AddressBytes_t) whitelistAddrs[i].addr);
- addr.type = (BLEProtocol::AddressType_t) whitelistAddrs[i].addr_type;
- memcpy(addr.address, whitelistAddrs[i].addr, sizeof(BLEProtocol::AddressBytes_t));
- whitelist.insert(addr);
+ uint8_t i;
+ for (i = 0; i < whitelistAddressesSize && i < whitelistOut.capacity; ++i) {
+ memcpy(&whitelistOut.addresses[i], &whitelistAddresses[i], sizeof(BLEProtocol::Address_t));
}
+ whitelistOut.size = i;
+
return BLE_ERROR_NONE;
}
-ble_error_t nRF5xGap::setWhitelist(std::set<BLEProtocol::Address_t> whitelistIn)
+ble_error_t nRF5xGap::setWhitelist(const Gap::Whitelist_t &whitelistIn)
{
+ if (whitelistIn.size > getMaxWhitelistSize()) {
+ return BLE_ERROR_PARAM_OUT_OF_RANGE;
+ }
+
whitelistAddressesSize = 0;
- for (std::set<BLEProtocol::Address_t>::iterator it = whitelistIn.begin(); it != whitelistIn.end(); it++) {
- whitelistAddrs[whitelistAddressesSize].addr_type = it->type;
- memcpy(whitelistAddrs[whitelistAddressesSize].addr, it->address, sizeof(BLEProtocol::AddressBytes_t));
+ for (uint8_t i = 0; i < whitelistIn.size; ++i) {
+ if (whitelistIn.addresses[i].type == BLEProtocol::AddressType_t::RANDOM_PRIVATE_NON_RESOLVABLE) {
+ /* This is not allowed because it is completely meaningless */
+ return BLE_ERROR_INVALID_PARAM;
+ }
+ memcpy(&whitelistAddresses[whitelistAddressesSize], &whitelistIn.addresses[i], sizeof(BLEProtocol::Address_t));
whitelistAddressesSize++;
}
- whitelist.addr_count = whitelistAddressesSize;
- whitelist.irk_count = whitelistIrksSize;
+
return BLE_ERROR_NONE;
}
-// Accessors
-void nRF5xGap::setAdvertisingPolicyMode(Gap::AdvertisingPolicyMode_t mode)
+ble_error_t nRF5xGap::setAdvertisingPolicyMode(Gap::AdvertisingPolicyMode_t mode)
{
advertisingPolicyMode = mode;
+
+ return BLE_ERROR_NONE;
}
-void nRF5xGap::setScanningPolicyMode(Gap::ScanningPolicyMode_t mode)
+ble_error_t nRF5xGap::setScanningPolicyMode(Gap::ScanningPolicyMode_t mode)
{
scanningPolicyMode = mode;
+
+ return BLE_ERROR_NONE;
}
-void nRF5xGap::setInitiatorPolicyMode(Gap::InitiatorPolicyMode_t mode)
+ble_error_t nRF5xGap::setInitiatorPolicyMode(Gap::InitiatorPolicyMode_t mode)
{
- initiatorPolicyMode = mode;
+ return BLE_ERROR_NOT_IMPLEMENTED;
}
Gap::AdvertisingPolicyMode_t nRF5xGap::getAdvertisingPolicyMode(void) const
@@ -566,6 +639,78 @@
Gap::InitiatorPolicyMode_t nRF5xGap::getInitiatorPolicyMode(void) const
{
- return initiatorPolicyMode;
+ return Gap::INIT_POLICY_IGNORE_WHITELIST;
}
-/////////////////////////
\ No newline at end of file
+
+ble_error_t nRF5xGap::generateStackWhitelist(void)
+{
+ ble_gap_whitelist_t whitelistFromBondTable;
+ ble_gap_addr_t *addressPtr[1];
+ ble_gap_irk_t *irkPtr[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
+
+ nRF5xSecurityManager& securityManager = (nRF5xSecurityManager&) nRF5xn::Instance(0).getSecurityManager();
+
+ if (securityManager.hasInitialized()) {
+ /* We do not care about the addresses, set the count to 0 */
+ whitelistFromBondTable.addr_count = 0;
+ /* The Nordic SDK will return a failure if we set pp_addr to NULL */
+ whitelistFromBondTable.pp_addrs = addressPtr;
+ /* We want all the IRKs we can get because we do not know which ones match the addresses */
+ whitelistFromBondTable.irk_count = YOTTA_CFG_IRK_TABLE_MAX_SIZE;
+ whitelistFromBondTable.pp_irks = irkPtr;
+
+ /* Use the security manager to get the IRKs from the bond table */
+ ble_error_t error = securityManager.createWhitelistFromBondTable(whitelistFromBondTable);
+ if (error != BLE_ERROR_NONE) {
+ return error;
+ }
+ } else {
+ /**
+ * If there is no security manager then we cannot access the bond table,
+ * so disable IRK matching
+ */
+ whitelistFromBondTable.addr_count = 0;
+ whitelistFromBondTable.irk_count = 0;
+ }
+
+ /**
+ * For every private resolvable address in the local whitelist check if
+ * there is an IRK for said address in the bond table and add it to the
+ * local IRK list.
+ */
+ whitelist.irk_count = 0;
+ whitelist.addr_count = 0;
+ for (uint8_t i = 0; i < whitelistAddressesSize; ++i) {
+ if (whitelistAddresses[i].addr_type == BLEProtocol::AddressType_t::RANDOM_PRIVATE_RESOLVABLE) {
+ /* Test if there is a matching IRK for this private resolvable address */
+ for (uint8_t j = 0; j < whitelistFromBondTable.irk_count; ++j) {
+ if (securityManager.matchAddressAndIrk(&whitelistAddresses[i], whitelistFromBondTable.pp_irks[j])) {
+ /* Found the corresponding IRK, add it to our local whitelist */
+ whitelist.pp_irks[whitelist.irk_count] = whitelistFromBondTable.pp_irks[j];
+ whitelist.irk_count++;
+ /* Make sure we do not look at this IRK again */
+ if (j != whitelistFromBondTable.irk_count - 1) {
+ /**
+ * This is not the last IRK, so replace the pointer
+ * with the last pointer in the array
+ */
+ whitelistFromBondTable.pp_irks[j] =
+ whitelistFromBondTable.pp_irks[whitelistFromBondTable.irk_count - 1];
+ }
+ /**
+ * If the IRK is the last pointer in the array simply
+ * decrement the total IRK count
+ */
+ whitelistFromBondTable.irk_count--;
+ break;
+ }
+ }
+ } else {
+ /* Include the address into the whitelist */
+ whitelist.pp_addrs[whitelist.addr_count] = &whitelistAddresses[i];
+ whitelist.addr_count++;
+ }
+ }
+
+ return BLE_ERROR_NONE;
+}
\ No newline at end of file
--- a/source/nRF5xGap.h Mon Jan 11 10:19:35 2016 +0000
+++ b/source/nRF5xGap.h Mon Jan 11 10:19:35 2016 +0000
@@ -28,6 +28,12 @@
#undef YOTTA_CFG_WHITELIST_MAX_SIZE
#define YOTTA_CFG_WHITELIST_MAX_SIZE BLE_GAP_WHITELIST_ADDR_MAX_COUNT
#endif
+#ifndef YOTTA_CFG_IRK_TABLE_MAX_SIZE
+ #define YOTTA_CFG_IRK_TABLE_MAX_SIZE BLE_GAP_WHITELIST_IRK_MAX_COUNT
+#elif YOTTA_CFG_IRK_TABLE_MAX_SIZE > BLE_GAP_WHITELIST_IRK_MAX_COUNT
+ #undef YOTTA_CFG_IRK_TABLE_MAX_SIZE
+ #define YOTTA_CFG_IRK_TABLE_MAX_SIZE BLE_GAP_WHITELIST_IRK_MAX_COUNT
+#endif
#include "ble/blecommon.h"
#include "ble.h"
#include "ble/GapAdvertisingParams.h"
@@ -43,8 +49,6 @@
#include "btle_security.h"
-#include <set>
-
void radioNotificationStaticCallback(bool param);
/**************************************************************************/
@@ -88,19 +92,16 @@
virtual ble_error_t reset(void);
- /////////////////// WHITELISTING
- virtual int8_t getMaxWhitelistSize(void) const;
- virtual ble_error_t getWhitelist(std::set<BLEProtocol::Address_t> &whitelist) const;
- virtual ble_error_t setWhitelist(std::set<BLEProtocol::Address_t> whitelist);
+ virtual uint8_t getMaxWhitelistSize(void) const;
+ virtual ble_error_t getWhitelist(Gap::Whitelist_t &whitelistOut) const;
+ virtual ble_error_t setWhitelist(const Gap::Whitelist_t &whitelistIn);
- // Accessors
- virtual void setAdvertisingPolicyMode(AdvertisingPolicyMode_t mode);
- virtual void setScanningPolicyMode(ScanningPolicyMode_t mode);
- virtual void setInitiatorPolicyMode(InitiatorPolicyMode_t mode);
+ virtual ble_error_t setAdvertisingPolicyMode(AdvertisingPolicyMode_t mode);
+ virtual ble_error_t setScanningPolicyMode(ScanningPolicyMode_t mode);
+ virtual ble_error_t setInitiatorPolicyMode(InitiatorPolicyMode_t mode);
virtual Gap::AdvertisingPolicyMode_t getAdvertisingPolicyMode(void) const;
virtual Gap::ScanningPolicyMode_t getScanningPolicyMode(void) const;
virtual Gap::InitiatorPolicyMode_t getInitiatorPolicyMode(void) const;
- ///////////////////
virtual ble_error_t initRadioNotification(void) {
if (ble_radio_notification_init(NRF_APP_PRIORITY_HIGH, NRF_RADIO_NOTIFICATION_DISTANCE_800US, radioNotificationStaticCallback) == NRF_SUCCESS) {
@@ -112,47 +113,31 @@
/* Observer role is not supported by S110, return BLE_ERROR_NOT_IMPLEMENTED */
#if !defined(TARGET_MCU_NRF51_16K_S110) && !defined(TARGET_MCU_NRF51_32K_S110)
- virtual ble_error_t startRadioScan(const GapScanningParams &scanningParams) {
- ble_gap_scan_params_t scanParams = {
- .active = scanningParams.getActiveScanning(), /**< If 1, perform active scanning (scan requests). */
- .selective = scanningPolicyMode, /**< If 1, ignore unknown devices (non whitelisted). */
- .p_whitelist = &whitelist, /**< Pointer to whitelist, NULL if none is given. */
- .interval = scanningParams.getInterval(), /**< Scan interval between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
- .window = scanningParams.getWindow(), /**< Scan window between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
- .timeout = scanningParams.getTimeout(), /**< Scan timeout between 0x0001 and 0xFFFF in seconds, 0x0000 disables timeout. */
- };
-
- if (sd_ble_gap_scan_start(&scanParams) != NRF_SUCCESS) {
- return BLE_ERROR_PARAM_OUT_OF_RANGE;
- }
-
- return BLE_ERROR_NONE;
- }
-
- virtual ble_error_t stopScan(void) {
- if (sd_ble_gap_scan_stop() == NRF_SUCCESS) {
- return BLE_ERROR_NONE;
- }
-
- return BLE_STACK_BUSY;
- }
+ virtual ble_error_t startRadioScan(const GapScanningParams &scanningParams);
+ virtual ble_error_t stopScan(void);
#endif
private:
- /////////////////WHITELISTING
+ /* Policy modes set by the user. By default these are set to ignore the whitelist */
Gap::AdvertisingPolicyMode_t advertisingPolicyMode;
Gap::ScanningPolicyMode_t scanningPolicyMode;
- Gap::InitiatorPolicyMode_t initiatorPolicyMode; /* Unused */
- ble_gap_addr_t whitelistAddrs[YOTTA_CFG_WHITELIST_MAX_SIZE];
- ble_gap_addr_t *whitelistAddresses[YOTTA_CFG_WHITELIST_MAX_SIZE];
- uint8_t whitelistAddressesSize;
- ble_gap_irk_t *whitelistIrks[YOTTA_CFG_WHITELIST_MAX_SIZE];
- uint8_t whitelistIrksSize;
+ /* Internal representation of a whitelist */
+ uint8_t whitelistAddressesSize;
+ ble_gap_addr_t whitelistAddresses[YOTTA_CFG_WHITELIST_MAX_SIZE];
+ ble_gap_addr_t *whitelistAddressPtrs[YOTTA_CFG_WHITELIST_MAX_SIZE];
+ ble_gap_irk_t *whitelistIrkPtrs[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
+ /* Structure used by the SoftDevice to represent a whitelist together with IRK table */
ble_gap_whitelist_t whitelist;
- /////////////////
+ /*
+ * An internal function used to populate the ble_gap_whitelist_t that will be used by
+ * the SoftDevice for filtering requests. This function is needed because for the BLE
+ * API the whitelist is just a collection of keys, but for the stack it also includes
+ * the IRK table.
+ */
+ ble_error_t generateStackWhitelist(void);
bool radioNotificationCallbackParam; /* parameter to be passed into the Timeout-generated radio notification callback. */
Timeout radioNotificationTimeout;
@@ -245,17 +230,15 @@
nRF5xGap() :
advertisingPolicyMode(Gap::ADV_POLICY_IGNORE_WHITELIST),
- scanningPolicyMode(Gap::SCAN_POLICY_IGNORE_WHITELIST),
- initiatorPolicyMode(Gap::INIT_POLICY_IGNORE_WHITELIST),
- whitelistAddressesSize(0),
- whitelistIrksSize(0) {
+ scanningPolicyMode(Gap::SCAN_POLICY_IGNORE_WHITELIST) {
m_connectionHandle = BLE_CONN_HANDLE_INVALID;
- whitelist.pp_addrs = whitelistAddresses;
- for (int i = 0; i < YOTTA_CFG_WHITELIST_MAX_SIZE; i++) {
- whitelistAddresses[i] = &(whitelistAddrs[i]);
- }
- whitelist.pp_irks = whitelistIrks;
+ /* Reset the whitelist */
+ whitelist.addr_count = 0;
+ whitelist.irk_count = 0;
+ whitelist.pp_irks = whitelistIrkPtrs;
+ whitelist.pp_addrs = whitelistAddressPtrs;
+ whitelistAddressesSize = 0;
}
nRF5xGap(nRF5xGap const &);
--- a/source/nRF5xSecurityManager.h Mon Jan 11 10:19:35 2016 +0000
+++ b/source/nRF5xSecurityManager.h Mon Jan 11 10:19:35 2016 +0000
@@ -19,6 +19,7 @@
#include <stddef.h>
+#include "nRF5xGap.h"
#include "ble/SecurityManager.h"
#include "btle_security.h"
@@ -60,6 +61,10 @@
return BLE_ERROR_NONE;
}
+ bool hasInitialized(void) const {
+ return btle_hasInitializedSecurity();
+ }
+
public:
/*
* Allow instantiation from nRF5xn when required.
@@ -73,6 +78,15 @@
private:
nRF5xSecurityManager(const nRF5xSecurityManager &);
const nRF5xSecurityManager& operator=(const nRF5xSecurityManager &);
+
+ ble_error_t createWhitelistFromBondTable(ble_gap_whitelist_t &whitelistFromBondTable) const {
+ return btle_createWhitelistFromBondTable(&whitelistFromBondTable);
+ }
+
+ bool matchAddressAndIrk(ble_gap_addr_t *address, ble_gap_irk_t *irk) const {
+ return btle_matchAddressAndIrk(address, irk);
+ }
+ friend class nRF5xGap;
};
#endif // ifndef __NRF51822_SECURITY_MANAGER_H__
\ No newline at end of file
