add support for SecurityManager

Rohit Grover 2015-06-19 08:28:35 +01:00
parent ef145ffba1
commit 954c08e84d
9 changed files with 130 additions and 49 deletions


@ -33,6 +33,8 @@
#include "GapEvents.h"
#include "nRF51Gap.h"
#include "nRF51GattServer.h"
#include "nRF51SecurityManager.h"
#include "device_manager.h"
#include "ble_hci.h"
@ -151,7 +153,7 @@ static void btle_handler(ble_evt_t *p_ble_evt)
}
case BLE_GAP_EVT_PASSKEY_DISPLAY:
nRF51Gap::getInstance().processPasskeyDisplayEvent(p_ble_evt->evt.gap_evt.conn_handle, p_ble_evt->evt.gap_evt.params.passkey_display.passkey);
nRF51SecurityManager::getInstance().processPasskeyDisplayEvent(p_ble_evt->evt.gap_evt.conn_handle, p_ble_evt->evt.gap_evt.params.passkey_display.passkey);
break;
case BLE_GAP_EVT_TIMEOUT:


@ -16,7 +16,10 @@
#include "btle.h"
#include "pstorage.h"
#include "nRF51Gap.h"
#include "nRF51SecurityManager.h"
#include "device_manager.h"
#include "btle_security.h"
@ -24,7 +27,10 @@ static dm_application_instance_t applicationInstance;
static ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result);
ble_error_t
btle_initializeSecurity(bool enableBonding, bool requireMITM, Gap::SecurityIOCapabilities_t iocaps, const Gap::Passkey_t passkey)
btle_initializeSecurity(bool enableBonding,
bool requireMITM,
SecurityManager::SecurityIOCapabilities_t iocaps,
const SecurityManager::Passkey_t passkey)
{
/* guard against multiple initializations */
static bool initialized = false;
@ -114,7 +120,7 @@ btle_purgeAllBondingState(void)
}
ble_error_t
btle_getLinkSecurity(Gap::Handle_t connectionHandle, Gap::LinkSecurityStatus_t *securityStatusP)
btle_getLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::LinkSecurityStatus_t *securityStatusP)
{
ret_code_t rc;
dm_handle_t dmHandle = {
@ -148,51 +154,52 @@ dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t ev
switch (p_event->event_id) {
case DM_EVT_SECURITY_SETUP: /* started */ {
const ble_gap_sec_params_t *peerParams = &p_event->event_param.p_gap_param->params.sec_params_request.peer_params;
nRF51Gap::getInstance().processSecuritySetupInitiatedEvent(p_event->event_param.p_gap_param->conn_handle,
peerParams->bond,
peerParams->mitm,
(Gap::SecurityIOCapabilities_t)peerParams->io_caps);
nRF51SecurityManager::getInstance().processSecuritySetupInitiatedEvent(p_event->event_param.p_gap_param->conn_handle,
peerParams->bond,
peerParams->mitm,
(SecurityManager::SecurityIOCapabilities_t)peerParams->io_caps);
break;
}
case DM_EVT_SECURITY_SETUP_COMPLETE:
nRF51Gap::getInstance().processSecuritySetupCompletedEvent(p_event->event_param.p_gap_param->conn_handle,
(Gap::SecurityCompletionStatus_t)(p_event->event_param.p_gap_param->params.auth_status.auth_status));
nRF51SecurityManager::getInstance().
processSecuritySetupCompletedEvent(p_event->event_param.p_gap_param->conn_handle,
(SecurityManager::SecurityCompletionStatus_t)(p_event->event_param.p_gap_param->params.auth_status.auth_status));
break;
case DM_EVT_LINK_SECURED: {
unsigned securityMode = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.sm;
unsigned level = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.lv;
Gap::SecurityMode_t resolvedSecurityMode = Gap::SECURITY_MODE_NO_ACCESS;
SecurityManager::SecurityMode_t resolvedSecurityMode = SecurityManager::SECURITY_MODE_NO_ACCESS;
switch (securityMode) {
case 1:
switch (level) {
case 1:
resolvedSecurityMode = Gap::SECURITY_MODE_ENCRYPTION_OPEN_LINK;
resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK;
break;
case 2:
resolvedSecurityMode = Gap::SECURITY_MODE_ENCRYPTION_NO_MITM;
resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM;
break;
case 3:
resolvedSecurityMode = Gap::SECURITY_MODE_ENCRYPTION_WITH_MITM;
resolvedSecurityMode = SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM;
break;
}
break;
case 2:
switch (level) {
case 1:
resolvedSecurityMode = Gap::SECURITY_MODE_SIGNED_NO_MITM;
resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_NO_MITM;
break;
case 2:
resolvedSecurityMode = Gap::SECURITY_MODE_SIGNED_WITH_MITM;
resolvedSecurityMode = SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM;
break;
}
break;
}
nRF51Gap::getInstance().processLinkSecuredEvent(p_event->event_param.p_gap_param->conn_handle, resolvedSecurityMode);
nRF51SecurityManager::getInstance().processLinkSecuredEvent(p_event->event_param.p_gap_param->conn_handle, resolvedSecurityMode);
break;
}
case DM_EVT_DEVICE_CONTEXT_STORED:
nRF51Gap::getInstance().processSecurityContextStoredEvent(p_event->event_param.p_gap_param->conn_handle);
nRF51SecurityManager::getInstance().processSecurityContextStoredEvent(p_event->event_param.p_gap_param->conn_handle);
break;
default:
break;
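Review bot: The C-style casts `(SecurityManager::SecurityIOCapabilities_t)peerParams->io_caps` and `(SecurityManager::SecurityCompletionStatus_t)(...auth_status.auth_status)` hand stack values straight to the application callbacks as API enums, and `io_caps` comes from the peer's pairing request. Nothing visible in this section checks that the value is a declared enumerator, or that the SecurityManager enum numbering matches the SoftDevice's; the enum definitions are not on this page, so that needs confirming. A range check before the dispatch, for example `if (peerParams->io_caps > BLE_GAP_IO_CAPS_KEYBOARD_DISPLAY) { break; }`, or an explicit switch over the known values, would keep reserved values out of application code. dm_handler begins and ends outside the hunk.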


@ -18,6 +18,7 @@
#define _BTLE_SECURITY_H_
#include "Gap.h"
#include "SecurityManager.h"
/**
* Enable Nordic's Device Manager, which brings in functionality from the
@ -34,10 +35,10 @@
*
* @return BLE_ERROR_NONE on success.
*/
ble_error_t btle_initializeSecurity(bool enableBonding = true,
bool requireMITM = true,
Gap::SecurityIOCapabilities_t iocaps = Gap::IO_CAPS_NONE,
const Gap::Passkey_t passkey = NULL);
ble_error_t btle_initializeSecurity(bool enableBonding = true,
bool requireMITM = true,
SecurityManager::SecurityIOCapabilities_t iocaps = SecurityManager::IO_CAPS_NONE,
const SecurityManager::Passkey_t passkey = NULL);
/**
* Get the security status of a link.
@ -49,7 +50,7 @@ ble_error_t btle_initializeSecurity(bool enableBonding
*
* @return BLE_SUCCESS Or appropriate error code indicating reason for failure.
*/
ble_error_t btle_getLinkSecurity(Gap::Handle_t connectionHandle, Gap::LinkSecurityStatus_t *securityStatusP);
ble_error_t btle_getLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager::LinkSecurityStatus_t *securityStatusP);
/**
* Function for deleting all peer device context and all related bonding
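Review bot: The new declaration of `btle_initializeSecurity` keeps the defaults `requireMITM = true` and `iocaps = SecurityManager::IO_CAPS_NONE` with a NULL passkey, and these do not fit together. A device with no input or output capability generally cannot complete an authenticated pairing, so a caller relying on the defaults gets either a failed pairing or an unauthenticated one, depending on how the stack resolves it; that is not visible here. The parameter documentation is only partly shown in the hunk. If it does not already say so, add a line such as `* @note MITM protection needs iocaps other than IO_CAPS_NONE; the default arguments do not provide it.`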


@ -200,7 +200,7 @@ error_t custom_decode_uuid_base(uint8_t const *const p_uuid_base,
error_t custom_add_in_characteristic(uint16_t service_handle,
ble_uuid_t *p_uuid,
uint8_t properties,
Gap::SecurityMode_t requiredSecurity,
SecurityManager::SecurityMode_t requiredSecurity,
uint8_t *p_data,
uint16_t min_length,
uint16_t max_length,
@ -246,19 +246,19 @@ error_t custom_add_in_characteristic(uint16_t service_handle,
if (char_props.read || char_props.notify || char_props.indicate) {
switch (requiredSecurity) {
case Gap::SECURITY_MODE_ENCRYPTION_OPEN_LINK :
case SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK :
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
break;
case Gap::SECURITY_MODE_ENCRYPTION_NO_MITM :
case SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM :
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.read_perm);
break;
case Gap::SECURITY_MODE_ENCRYPTION_WITH_MITM :
case SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM :
BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.read_perm);
break;
case Gap::SECURITY_MODE_SIGNED_NO_MITM :
case SecurityManager::SECURITY_MODE_SIGNED_NO_MITM :
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(&attr_md.read_perm);
break;
case Gap::SECURITY_MODE_SIGNED_WITH_MITM :
case SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM :
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(&attr_md.read_perm);
break;
default:
@ -268,19 +268,19 @@ error_t custom_add_in_characteristic(uint16_t service_handle,
if (char_props.write || char_props.write_wo_resp) {
switch (requiredSecurity) {
case Gap::SECURITY_MODE_ENCRYPTION_OPEN_LINK :
case SecurityManager::SECURITY_MODE_ENCRYPTION_OPEN_LINK :
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
break;
case Gap::SECURITY_MODE_ENCRYPTION_NO_MITM :
case SecurityManager::SECURITY_MODE_ENCRYPTION_NO_MITM :
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.write_perm);
break;
case Gap::SECURITY_MODE_ENCRYPTION_WITH_MITM :
case SecurityManager::SECURITY_MODE_ENCRYPTION_WITH_MITM :
BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.write_perm);
break;
case Gap::SECURITY_MODE_SIGNED_NO_MITM :
case SecurityManager::SECURITY_MODE_SIGNED_NO_MITM :
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(&attr_md.write_perm);
break;
case Gap::SECURITY_MODE_SIGNED_WITH_MITM :
case SecurityManager::SECURITY_MODE_SIGNED_WITH_MITM :
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(&attr_md.write_perm);
break;
default:
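Review bot: Neither switch on `requiredSecurity` in `custom_add_in_characteristic` has a case for `SecurityManager::SECURITY_MODE_NO_ACCESS`, a value this commit uses elsewhere, so it reaches `default:`. The body of `default:` is outside the hunk; if it leaves `attr_md.read_perm` / `attr_md.write_perm` at their initial value, a characteristic requested as no-access may end up with a weaker permission than asked for. Handling it explicitly removes the doubt: `case SecurityManager::SECURITY_MODE_NO_ACCESS: BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(&attr_md.read_perm); break;`, and the same with `write_perm` in the second switch. The function starts and ends outside the hunks shown.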


@ -34,7 +34,7 @@ ble_uuid_t custom_convert_to_nordic_uuid(const UUID &uuid);
error_t custom_add_in_characteristic(uint16_t service_handle,
ble_uuid_t *p_uuid,
uint8_t properties,
Gap::SecurityMode_t requiredSecurity,
SecurityManager::SecurityMode_t requiredSecurity,
uint8_t *p_data,
uint16_t min_length,
uint16_t max_length,


@ -23,8 +23,8 @@
#include "nRF51Gap.h"
#include "nRF51GattServer.h"
#include "nRF51GattClient.h"
#include "nRF51SecurityManager.h"
#include "btle.h"
#include "btle_security.h"
class nRF51822n : public BLEInstanceBase
{
@ -32,6 +32,8 @@ public:
nRF51822n(void);
virtual ~nRF51822n(void);
virtual ble_error_t init(void);
virtual ble_error_t shutdown(void);
virtual const char *getVersion(void);
virtual Gap &getGap() {
@ -49,15 +51,11 @@ public:
virtual GattClient &getGattClient() {
return nRF51GattClient::getInstance();
}
virtual ble_error_t init(void);
virtual ble_error_t shutdown(void);
virtual ble_error_t reset(void);
virtual ble_error_t initializeSecurity(bool enableBonding = true,
bool requireMITM = true,
Gap::SecurityIOCapabilities_t iocaps = Gap::IO_CAPS_NONE,
const Gap::Passkey_t passkey = NULL) {
return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey);
virtual const SecurityManager &getSecurityManager() const {
return nRF51SecurityManager::getInstance();
}
virtual SecurityManager &getSecurityManager() {
return nRF51SecurityManager::getInstance();
}
virtual void waitForEvent(void);
};


@ -54,11 +54,6 @@ public:
virtual ble_error_t connect(const Address_t, Gap::AddressType_t peerAddrType, const ConnectionParams_t *connectionParams, const GapScanningParams *scanParams);
virtual ble_error_t disconnect(DisconnectionReason_t reason);
virtual ble_error_t purgeAllBondingState(void) {return btle_purgeAllBondingState();}
virtual ble_error_t getLinkSecurity(Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) {
return btle_getLinkSecurity(connectionHandle, securityStatusP);
}
virtual ble_error_t setDeviceName(const uint8_t *deviceName);
virtual ble_error_t getDeviceName(uint8_t *deviceName, unsigned *lengthP);
virtual ble_error_t setAppearance(GapAdvertisingData::Appearance appearance);

22
nRF51SecurityManager.cpp Normal file

@ -0,0 +1,22 @@
/* mbed Microcontroller Library
* Copyright (c) 2006-2013 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "nRF51SecurityManager.h"
nRF51SecurityManager &nRF51SecurityManager::getInstance(void) {
static nRF51SecurityManager m_instance;
return m_instance;
}

56
nRF51SecurityManager.h Normal file

@ -0,0 +1,56 @@
/* mbed Microcontroller Library
* Copyright (c) 2006-2013 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __NRF51822_SECURITY_MANAGER_H__
#define __NRF51822_SECURITY_MANAGER_H__
#include <stddef.h>
#include "SecurityManager.h"
#include "btle_security.h"
class nRF51SecurityManager : public SecurityManager
{
public:
static nRF51SecurityManager &getInstance();
/* Functions that must be implemented from SecurityManager */
virtual ble_error_t init(bool enableBonding,
bool requireMITM,
SecurityIOCapabilities_t iocaps,
const Passkey_t passkey) {
return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey);
}
virtual ble_error_t getLinkSecurity(Gap::Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) {
return btle_getLinkSecurity(connectionHandle, securityStatusP);
}
virtual ble_error_t purgeAllBondingState(void) {
return btle_purgeAllBondingState();
}
public:
nRF51SecurityManager() {
/* empty */
}
private:
nRF51SecurityManager(const nRF51SecurityManager &);
const nRF51SecurityManager& operator=(const nRF51SecurityManager &);
};
#endif // ifndef __NRF51822_SECURITY_MANAGER_H__
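Review bot: The constructor `nRF51SecurityManager()` is declared under `public:` although the copy constructor and assignment operator are private and every event in this commit is dispatched through `getInstance()`. A second instance created by application code would compile, but it would presumably never receive the pairing and link-security events, so callbacks registered on it would silently not fire. Moving `nRF51SecurityManager() { /* empty */ }` under `private:` keeps the class a true singleton; `getInstance()` is a member and can still construct the static. The include guard `__NRF51822_SECURITY_MANAGER_H__` also uses a double-underscore name, which is reserved for the implementation.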