add support for SecurityManager
parent
ef145ffba1
commit
954c08e84d
9 changed files with 130 additions and 49 deletions
|
@ -33,6 +33,8 @@
|
|||
#include "GapEvents.h"
|
||||
#include "nRF51Gap.h"
|
||||
#include "nRF51GattServer.h"
|
||||
#include "nRF51SecurityManager.h"
|
||||
|
||||
#include "device_manager.h"
|
||||
|
||||
#include "ble_hci.h"
|
||||
|
@ -151,7 +153,7 @@ static void btle_handler(ble_evt_t *p_ble_evt)
|
|||
}
|
||||
|
||||
case BLE_GAP_EVT_PASSKEY_DISPLAY:
|
||||
nRF51Gap::getInstance().processPasskeyDisplayEvent(p_ble_evt->evt.gap_evt.conn_handle, p_ble_evt->evt.gap_evt.params.passkey_display.passkey);
|
||||
nRF51SecurityManager::getInstance().processPasskeyDisplayEvent(p_ble_evt->evt.gap_evt.conn_handle, p_ble_evt->evt.gap_evt.params.passkey_display.passkey);
|
||||
break;
|
||||
|
||||
case BLE_GAP_EVT_TIMEOUT:
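Review bot: The rerouted `processPasskeyDisplayEvent` call in the `BLE_GAP_EVT_PASSKEY_DISPLAY` case passes a pointer into the `ble_evt_t` that `btle_handler` received, and nothing at the call site says how long that pointer stays valid or how the buffer is laid out. As far as the SoftDevice headers define `passkey_display.passkey`, it is a fixed-length digit array with no terminating NUL, so a callback that keeps the pointer or prints it as a C string would read stale or out-of-bounds memory. I would add a comment above the call such as `/* passkey: BLE_GAP_PASSKEY_LEN ASCII digits, not NUL-terminated; valid only during this event */`. `btle_handler` starts and ends outside the hunk.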
|
||||
|
|
|
@ -16,7 +16,10 @@
|
|||
|
||||
#include "btle.h"
|
||||
#include "pstorage.h"
|
||||
|
||||
#include "nRF51Gap.h"
|
||||
#include "nRF51SecurityManager.h"
|
||||
|
||||
#include "device_manager.h"
|
||||
#include "btle_security.h"
|
||||
|
||||
|
@ -24,7 +27,10 @@ static dm_application_instance_t applicationInstance;
|
|||
static ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result);
|
||||
|
||||
ble_error_t
|
||||
btle_initializeSecurity(bool enableBonding, bool requireMITM, Gap::SecurityIOCapabilities_t iocaps, const Gap::Passkey_t passkey)
|
||||
btle_initializeSecurity(bool enableBonding,
|
||||
bool requireMITM,
|
||||
SecurityManager::SecurityIOCapabilities_t iocaps,
|
||||
const SecurityManager::Passkey_t passkey)
|
||||
{
|
||||
/* guard against multiple initializations */
|
||||
static bool initialized = false;
|
||||
|
@ -114,7 +120,7 @@ btle_purgeAllBondingState(void)
|
|||
}
|
||||
|
||||
ble_error_t
|
||||
btle_getLinkSecurity(Gap::Handle_t connectionHandle, Gap::LinkSecurityStatus_t *securityStatusP)
|
||||
btle_getLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::LinkSecurityStatus_t *securityStatusP)
|
||||
{
|
||||
ret_code_t rc;
|
||||
dm_handle_t dmHandle = {
|
||||
|
@ -148,51 +154,52 @@ dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t ev
|
|||
switch (p_event->event_id) {
|
||||
case DM_EVT_SECURITY_SETUP: /* started */ {
|
||||
const ble_gap_sec_params_t *peerParams = &p_event->event_param.p_gap_param->params.sec_params_request.peer_params;
|
||||
nRF51Gap::getInstance().processSecuritySetupInitiatedEvent(p_event->event_param.p_gap_param->conn_handle,
|
||||
peerParams->bond,
|
||||
peerParams->mitm,
|
||||
(Gap::SecurityIOCapabilities_t)peerParams->io_caps);
|
||||
nRF51SecurityManager::getInstance().processSecuritySetupInitiatedEvent(p_event->event_param.p_gap_param->conn_handle,
|
||||
peerParams->bond,
|
||||
peerParams->mitm,
|
||||
(SecurityManager::SecurityIOCapabilities_t)peerParams->io_caps);
|
||||
break;
|
||||
}
|
||||
case DM_EVT_SECURITY_SETUP_COMPLETE:
|
||||
nRF51Gap::getInstance().processSecuritySetupCompletedEvent(p_event->event_param.p_gap_param->conn_handle,
|
||||
(Gap::SecurityCompletionStatus_t)(p_event->event_param.p_gap_param->params.auth_status.auth_status));
|
||||
nRF51SecurityManager::getInstance().
|
||||
processSecuritySetupCompletedEvent(p_event->event_param.p_gap_param->conn_handle,
|
||||
(SecurityManager::SecurityCompletionStatus_t)(p_event->event_param.p_gap_param->params.auth_status.auth_status));
|
||||
break;
|
||||
case DM_EVT_LINK_SECURED: {
|
||||
unsigned securityMode = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.sm;
|
||||
unsigned level = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.lv;
|
||||
Gap::SecurityMode_t resolvedSecurityMode = Gap::SECURITY_MODE_NO_ACCESS;
|
||||
SecurityManager::SecurityMode_t resolvedSecurityMode = SecurityManager::SECURITY_MODE_NO_ACCESS;
|
||||
switch (securityMode) {
|
||||
case 1:
|
||||
switch (level) {
|
||||
case 1:
|
||||
resolvedSecurityMode = Gap::SECURITY_MODE_ENCRYPTION_OPEN_LINK;
|
||||
resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK;
|
||||
break;
|
||||
case 2:
|
||||
resolvedSecurityMode = Gap::SECURITY_MODE_ENCRYPTION_NO_MITM;
|
||||
resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM;
|
||||
break;
|
||||
case 3:
|
||||
resolvedSecurityMode = Gap::SECURITY_MODE_ENCRYPTION_WITH_MITM;
|
||||
resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case 2:
|
||||
switch (level) {
|
||||
case 1:
|
||||
resolvedSecurityMode = Gap::SECURITY_MODE_SIGNED_NO_MITM;
|
||||
resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_NO_MITM;
|
||||
break;
|
||||
case 2:
|
||||
resolvedSecurityMode = Gap::SECURITY_MODE_SIGNED_WITH_MITM;
|
||||
resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
nRF51Gap::getInstance().processLinkSecuredEvent(p_event->event_param.p_gap_param->conn_handle, resolvedSecurityMode);
|
||||
nRF51SecurityManager::getInstance().processLinkSecuredEvent(p_event->event_param.p_gap_param->conn_handle, resolvedSecurityMode);
|
||||
break;
|
||||
}
|
||||
case DM_EVT_DEVICE_CONTEXT_STORED:
|
||||
nRF51Gap::getInstance().processSecurityContextStoredEvent(p_event->event_param.p_gap_param->conn_handle);
|
||||
nRF51SecurityManager::getInstance().processSecurityContextStoredEvent(p_event->event_param.p_gap_param->conn_handle);
|
||||
break;
|
||||
default:
|
||||
break;
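Review bot: In the `DM_EVT_LINK_SECURED` case neither `switch (securityMode)` nor the inner `switch (level)` has a `default:`, so any mode/level pair outside the five listed leaves `resolvedSecurityMode` at `SecurityManager::SECURITY_MODE_NO_ACCESS` and `processLinkSecuredEvent` is still called. An application that treats the arrival of that callback as proof the link is protected, without inspecting the mode, would be misled; consider guarding the call with `if (resolvedSecurityMode != SecurityManager::SECURITY_MODE_NO_ACCESS)` or documenting that NO_ACCESS here means "unrecognised". The same handler casts the peer-supplied `peerParams->io_caps` and `auth_status` to `SecurityIOCapabilities_t` and `SecurityCompletionStatus_t` with C-style casts and no range check, which is only sound if those enums mirror the SoftDevice values one-to-one; a comment stating that dependency would help. `dm_handler` begins and ends outside this hunk, so `event_result` may be checked in a part I cannot see.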
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
#define _BTLE_SECURITY_H_
|
||||
|
||||
#include "Gap.h"
|
||||
#include "SecurityManager.h"
|
||||
|
||||
/**
|
||||
* Enable Nordic's Device Manager, which brings in functionality from the
|
||||
|
@ -34,10 +35,10 @@
|
|||
*
|
||||
* @return BLE_ERROR_NONE on success.
|
||||
*/
|
||||
ble_error_t btle_initializeSecurity(bool enableBonding = true,
|
||||
bool requireMITM = true,
|
||||
Gap::SecurityIOCapabilities_t iocaps = Gap::IO_CAPS_NONE,
|
||||
const Gap::Passkey_t passkey = NULL);
|
||||
ble_error_t btle_initializeSecurity(bool enableBonding = true,
|
||||
bool requireMITM = true,
|
||||
SecurityManager::SecurityIOCapabilities_t iocaps = SecurityManager::IO_CAPS_NONE,
|
||||
const SecurityManager::Passkey_t passkey = NULL);
|
||||
|
||||
/**
|
||||
* Get the security status of a link.
|
||||
|
@ -49,7 +50,7 @@ ble_error_t btle_initializeSecurity(bool enableBonding
|
|||
*
|
||||
* @return BLE_SUCCESS Or appropriate error code indicating reason for failure.
|
||||
*/
|
||||
ble_error_t btle_getLinkSecurity(Gap::Handle_t connectionHandle, Gap::LinkSecurityStatus_t *securityStatusP);
|
||||
ble_error_t btle_getLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::LinkSecurityStatus_t *securityStatusP);
|
||||
|
||||
/**
|
||||
* Function for deleting all peer device context and all related bonding
|
||||
|
|
|
@ -200,7 +200,7 @@ error_t custom_decode_uuid_base(uint8_t const *const p_uuid_base,
|
|||
error_t custom_add_in_characteristic(uint16_t service_handle,
|
||||
ble_uuid_t *p_uuid,
|
||||
uint8_t properties,
|
||||
Gap::SecurityMode_t requiredSecurity,
|
||||
SecurityManager::SecurityMode_t requiredSecurity,
|
||||
uint8_t *p_data,
|
||||
uint16_t min_length,
|
||||
uint16_t max_length,
|
||||
|
@ -246,19 +246,19 @@ error_t custom_add_in_characteristic(uint16_t service_handle,
|
|||
|
||||
if (char_props.read || char_props.notify || char_props.indicate) {
|
||||
switch (requiredSecurity) {
|
||||
case Gap::SECURITY_MODE_ENCRYPTION_OPEN_LINK :
|
||||
case SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK :
|
||||
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
|
||||
break;
|
||||
case Gap::SECURITY_MODE_ENCRYPTION_NO_MITM :
|
||||
case SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM :
|
||||
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.read_perm);
|
||||
break;
|
||||
case Gap::SECURITY_MODE_ENCRYPTION_WITH_MITM :
|
||||
case SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM :
|
||||
BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.read_perm);
|
||||
break;
|
||||
case Gap::SECURITY_MODE_SIGNED_NO_MITM :
|
||||
case SecurityManager::SECURITY_MODE_SIGNED_NO_MITM :
|
||||
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(&attr_md.read_perm);
|
||||
break;
|
||||
case Gap::SECURITY_MODE_SIGNED_WITH_MITM :
|
||||
case SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM :
|
||||
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(&attr_md.read_perm);
|
||||
break;
|
||||
default:
|
||||
|
@ -268,19 +268,19 @@ error_t custom_add_in_characteristic(uint16_t service_handle,
|
|||
|
||||
if (char_props.write || char_props.write_wo_resp) {
|
||||
switch (requiredSecurity) {
|
||||
case Gap::SECURITY_MODE_ENCRYPTION_OPEN_LINK :
|
||||
case SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK :
|
||||
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
|
||||
break;
|
||||
case Gap::SECURITY_MODE_ENCRYPTION_NO_MITM :
|
||||
case SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM :
|
||||
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.write_perm);
|
||||
break;
|
||||
case Gap::SECURITY_MODE_ENCRYPTION_WITH_MITM :
|
||||
case SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM :
|
||||
BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.write_perm);
|
||||
break;
|
||||
case Gap::SECURITY_MODE_SIGNED_NO_MITM :
|
||||
case SecurityManager::SECURITY_MODE_SIGNED_NO_MITM :
|
||||
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(&attr_md.write_perm);
|
||||
break;
|
||||
case Gap::SECURITY_MODE_SIGNED_WITH_MITM :
|
||||
case SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM :
|
||||
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(&attr_md.write_perm);
|
||||
break;
|
||||
default:
|
||||
|
|
|
@ -34,7 +34,7 @@ ble_uuid_t custom_convert_to_nordic_uuid(const UUID &uuid);
|
|||
error_t custom_add_in_characteristic(uint16_t service_handle,
|
||||
ble_uuid_t *p_uuid,
|
||||
uint8_t properties,
|
||||
Gap::SecurityMode_t requiredSecurity,
|
||||
SecurityManager::SecurityMode_t requiredSecurity,
|
||||
uint8_t *p_data,
|
||||
uint16_t min_length,
|
||||
uint16_t max_length,
|
||||
|
|
18
nRF51822n.h
18
nRF51822n.h
|
@ -23,8 +23,8 @@
|
|||
#include "nRF51Gap.h"
|
||||
#include "nRF51GattServer.h"
|
||||
#include "nRF51GattClient.h"
|
||||
#include "nRF51SecurityManager.h"
|
||||
#include "btle.h"
|
||||
#include "btle_security.h"
|
||||
|
||||
class nRF51822n : public BLEInstanceBase
|
||||
{
|
||||
|
@ -32,6 +32,8 @@ public:
|
|||
nRF51822n(void);
|
||||
virtual ~nRF51822n(void);
|
||||
|
||||
virtual ble_error_t init(void);
|
||||
virtual ble_error_t shutdown(void);
|
||||
virtual const char *getVersion(void);
|
||||
|
||||
virtual Gap &getGap() {
|
||||
|
@ -49,15 +51,11 @@ public:
|
|||
virtual GattClient &getGattClient() {
|
||||
return nRF51GattClient::getInstance();
|
||||
}
|
||||
|
||||
virtual ble_error_t init(void);
|
||||
virtual ble_error_t shutdown(void);
|
||||
virtual ble_error_t reset(void);
|
||||
virtual ble_error_t initializeSecurity(bool enableBonding = true,
|
||||
bool requireMITM = true,
|
||||
Gap::SecurityIOCapabilities_t iocaps = Gap::IO_CAPS_NONE,
|
||||
const Gap::Passkey_t passkey = NULL) {
|
||||
return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey);
|
||||
virtual const SecurityManager &getSecurityManager() const {
|
||||
return nRF51SecurityManager::getInstance();
|
||||
}
|
||||
virtual SecurityManager &getSecurityManager() {
|
||||
return nRF51SecurityManager::getInstance();
|
||||
}
|
||||
virtual void waitForEvent(void);
|
||||
};
|
||||
|
|
|
@ -54,11 +54,6 @@ public:
|
|||
virtual ble_error_t connect(const Address_t, Gap::AddressType_t peerAddrType, const ConnectionParams_t *connectionParams, const GapScanningParams *scanParams);
|
||||
virtual ble_error_t disconnect(DisconnectionReason_t reason);
|
||||
|
||||
virtual ble_error_t purgeAllBondingState(void) {return btle_purgeAllBondingState();}
|
||||
virtual ble_error_t getLinkSecurity(Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) {
|
||||
return btle_getLinkSecurity(connectionHandle, securityStatusP);
|
||||
}
|
||||
|
||||
virtual ble_error_t setDeviceName(const uint8_t *deviceName);
|
||||
virtual ble_error_t getDeviceName(uint8_t *deviceName, unsigned *lengthP);
|
||||
virtual ble_error_t setAppearance(GapAdvertisingData::Appearance appearance);
|
||||
|
|
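--- a/nRF51SecurityManager.cpp
+++ b/nRF51SecurityManager.cpp
@@ -0,0 +1,22 @@
+/* mbed Microcontroller Library
+* Copyright (c) 2006-2013 ARM Limited
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#include "nRF51SecurityManager.h"
+
+nRF51SecurityManager &nRF51SecurityManager::getInstance(void) {
+static nRF51SecurityManager m_instance;
+return m_instance;
+}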
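--- a/nRF51SecurityManager.h
+++ b/nRF51SecurityManager.h
@@ -0,0 +1,56 @@
+/* mbed Microcontroller Library
+* Copyright (c) 2006-2013 ARM Limited
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#ifndef __NRF51822_SECURITY_MANAGER_H__
+#define __NRF51822_SECURITY_MANAGER_H__
+
+#include <stddef.h>
+
+#include "SecurityManager.h"
+#include "btle_security.h"
+
+class nRF51SecurityManager : public SecurityManager
+{
+public:
+static nRF51SecurityManager &getInstance();
+
+/* Functions that must be implemented from SecurityManager */
+virtual ble_error_t init(bool enableBonding,
+bool requireMITM,
+SecurityIOCapabilities_t iocaps,
+const Passkey_t passkey) {
+return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey);
+}
+
+virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) {
+return btle_getLinkSecurity(connectionHandle, securityStatusP);
+}
+
+virtual ble_error_t purgeAllBondingState(void) {
+return btle_purgeAllBondingState();
+}
+
+public:
+nRF51SecurityManager() {
+/* empty */
+}
+
+private:
+nRF51SecurityManager(const nRF51SecurityManager &);
+const nRF51SecurityManager& operator=(const nRF51SecurityManager &);
+};
+
+#endif // ifndef __NRF51822_SECURITY_MANAGER_H__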
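Review bot: The default constructor sits under a second `public:` label while the copy constructor and assignment operator are private, so the class only half-enforces the singleton that `getInstance()` implies. `btle_handler` and `dm_handler` deliver security events to `nRF51SecurityManager::getInstance()`; a separately constructed instance would presumably never receive them (the callback storage lives in the `SecurityManager` base, which is not shown here), leaving an application waiting for a passkey or link-secured callback that cannot arrive. Moving `nRF51SecurityManager() { /* empty */ }` under `private:` still lets the static `getInstance()` construct `m_instance`. The three overrides also carry no doc comments; I would state on `init()` what a non-NULL `passkey` means for pairing, and on `purgeAllBondingState()` that it deletes all stored peer context and bonding state.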