Release 0.3.3

=============

Enhancements
~~~~~~~~~~~~

* Bring in support for security related APIs.

Bugfixes
~~~~~~~~

none.
This commit is contained in:
Rohit Grover 2015-05-08 14:24:39 +01:00
commit a524435708
10 changed files with 354 additions and 122 deletions

112
btle/btle.cpp Executable file → Normal file
View file

@ -21,9 +21,6 @@
#include "ble_stack_handler_types.h"
#include "ble_flash.h"
#if NEED_BOND_MANAGER
#include "ble_bondmngr.h"
#endif
#include "ble_conn_params.h"
#include "btle_gap.h"
@ -36,19 +33,13 @@
#include "GapEvents.h"
#include "nRF51Gap.h"
#include "nRF51GattServer.h"
#include "device_manager.h"
#include "ble_hci.h"
#if NEED_BOND_MANAGER /* disabled by default */
static void service_error_callback(uint32_t nrf_error);
#endif
extern "C" void assert_nrf_callback(uint16_t line_num, const uint8_t *p_file_name);
void app_error_handler(uint32_t error_code, uint32_t line_num, const uint8_t *p_file_name);
#if NEED_BOND_MANAGER /* disabled by default */
static error_t bond_manager_init(void);
#endif
static void btle_handler(ble_evt_t *p_ble_evt);
static void sys_evt_dispatch(uint32_t sys_evt)
@ -99,9 +90,6 @@ error_t btle_init(void)
ASSERT_STATUS( softdevice_ble_evt_handler_set(btle_handler));
ASSERT_STATUS( softdevice_sys_evt_handler_set(sys_evt_dispatch));
#if NEED_BOND_MANAGER /* disabled by default */
bond_manager_init();
#endif
btle_gap_init();
return ERROR_NONE;
@ -110,13 +98,12 @@ error_t btle_init(void)
static void btle_handler(ble_evt_t *p_ble_evt)
{
/* Library service handlers */
#if NEED_BOND_MANAGER /* disabled by default */
ble_bondmngr_on_ble_evt(p_ble_evt);
#endif
#if SDK_CONN_PARAMS_MODULE_ENABLE
ble_conn_params_on_ble_evt(p_ble_evt);
#endif
dm_ble_evt_handler(p_ble_evt);
/* Custom event handler */
switch (p_ble_evt->header.evt_id) {
case BLE_GAP_EVT_CONNECTED: {
@ -137,9 +124,6 @@ static void btle_handler(ble_evt_t *p_ble_evt)
// Since we are not in a connection and have not started advertising,
// store bonds
nRF51Gap::getInstance().setConnectionHandle (BLE_CONN_HANDLE_INVALID);
#if NEED_BOND_MANAGER /* disabled by default */
ASSERT_STATUS_RET_VOID ( ble_bondmngr_bonded_centrals_store());
#endif
Gap::DisconnectionReason_t reason;
switch (p_ble_evt->evt.gap_evt.params.disconnected.reason) {
@ -162,21 +146,9 @@ static void btle_handler(ble_evt_t *p_ble_evt)
break;
}
case BLE_GAP_EVT_SEC_PARAMS_REQUEST: {
ble_gap_sec_params_t sec_params = {0};
sec_params.bond = 1; /**< Perform bonding. */
sec_params.mitm = CFG_BLE_SEC_PARAM_MITM;
sec_params.io_caps = CFG_BLE_SEC_PARAM_IO_CAPABILITIES;
sec_params.oob = CFG_BLE_SEC_PARAM_OOB;
sec_params.min_key_size = CFG_BLE_SEC_PARAM_MIN_KEY_SIZE;
sec_params.max_key_size = CFG_BLE_SEC_PARAM_MAX_KEY_SIZE;
ble_gap_sec_keyset_t sec_keyset = {0};
ASSERT_STATUS_RET_VOID(sd_ble_gap_sec_params_reply(nRF51Gap::getInstance().getConnectionHandle(), BLE_GAP_SEC_STATUS_SUCCESS, &sec_params, &sec_keyset));
}
break;
case BLE_GAP_EVT_PASSKEY_DISPLAY:
nRF51Gap::getInstance().processPasskeyDisplayEvent(p_ble_evt->evt.gap_evt.conn_handle, p_ble_evt->evt.gap_evt.params.passkey_display.passkey);
break;
case BLE_GAP_EVT_TIMEOUT:
if (p_ble_evt->evt.gap_evt.params.timeout.src == BLE_GAP_TIMEOUT_SRC_ADVERTISING) {
@ -198,85 +170,17 @@ static void btle_handler(ble_evt_t *p_ble_evt)
nRF51GattServer::getInstance().hwCallback(p_ble_evt);
}
#if NEED_BOND_MANAGER /* disabled by default */
/**************************************************************************/
/*!
@brief Initialises the bond manager
@note Bond data will be cleared on reset if the bond delete
button is pressed during initialisation (the button is
defined as CFG_BLE_BOND_DELETE_BUTTON_NUM).
@returns
*/
/**************************************************************************/
static error_t bond_manager_init(void)
{
ble_bondmngr_init_t bond_para = {0};
ASSERT_STATUS ( pstorage_init());
bond_para.flash_page_num_bond = CFG_BLE_BOND_FLASH_PAGE_BOND;
bond_para.flash_page_num_sys_attr = CFG_BLE_BOND_FLASH_PAGE_SYS_ATTR;
//bond_para.bonds_delete = boardButtonCheck(CFG_BLE_BOND_DELETE_BUTTON_NUM) ;
bond_para.evt_handler = NULL;
bond_para.error_handler = service_error_callback;
ASSERT_STATUS( ble_bondmngr_init( &bond_para ));
/* Init radio active/inactive notification to flash (to only perform flashing when the radio is inactive) */
// ASSERT_STATUS( ble_radio_notification_init(NRF_APP_PRIORITY_HIGH,
// NRF_RADIO_NOTIFICATION_DISTANCE_4560US,
// ble_flash_on_radio_active_evt) );
return ERROR_NONE;
}
#endif // #if NEED_BOND_MANAGER
#if NEED_BOND_MANAGER /* disabled by default */
/**************************************************************************/
/*!
@brief
@param[in] nrf_error
@returns
*/
/**************************************************************************/
static void service_error_callback(uint32_t nrf_error)
{
ASSERT_STATUS_RET_VOID( nrf_error );
}
#endif // #if NEED_BOND_MANAGER
/**************************************************************************/
/*!
@brief Callback when an error occurs inside the SoftDevice
@param[in] line_num
@param[in] p-file_name
@returns
*/
/**************************************************************************/
/*! @brief Callback when an error occurs inside the SoftDevice */
void assert_nrf_callback(uint16_t line_num, const uint8_t *p_file_name)
{
ASSERT(false, (void) 0);
}
/**************************************************************************/
/*!
@brief Handler for general errors above the SoftDevice layer.
Typically we can' recover from this so we do a reset.
@param[in] error_code
@param[in] line_num
@param[in] p-file_name
@returns
*/
/**************************************************************************/
void app_error_handler(uint32_t error_code,
uint32_t line_num,
const uint8_t *p_file_name)
void app_error_handler(uint32_t error_code, uint32_t line_num, const uint8_t *p_file_name)
{
ASSERT_STATUS_RET_VOID( error_code );
NVIC_SystemReset();

View file

@ -26,7 +26,7 @@ extern "C" {
#include "ble_srv_common.h"
#include "ble.h"
error_t btle_init(void);
error_t btle_init(void);
#ifdef __cplusplus
}

202
btle/btle_security.cpp Normal file
View file

@ -0,0 +1,202 @@
/* mbed Microcontroller Library
* Copyright (c) 2006-2013 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "btle.h"
#include "pstorage.h"
#include "nRF51Gap.h"
#include "device_manager.h"
#include "btle_security.h"
static dm_application_instance_t applicationInstance;
static ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result);
ble_error_t
btle_initializeSecurity(bool enableBonding, bool requireMITM, Gap::SecurityIOCapabilities_t iocaps, const Gap::Passkey_t passkey)
{
/* guard against multiple initializations */
static bool initialized = false;
if (initialized) {
return BLE_ERROR_NONE;
}
if (pstorage_init() != NRF_SUCCESS) {
return BLE_ERROR_UNSPECIFIED;
}
ret_code_t rc;
if (passkey) {
ble_opt_t opts;
opts.gap_opt.passkey.p_passkey = const_cast<uint8_t *>(passkey);
if ((rc = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &opts)) != NRF_SUCCESS) {
switch (rc) {
case BLE_ERROR_INVALID_CONN_HANDLE:
case NRF_ERROR_INVALID_ADDR:
case NRF_ERROR_INVALID_PARAM:
default:
return BLE_ERROR_INVALID_PARAM;
case NRF_ERROR_INVALID_STATE:
return BLE_ERROR_INVALID_STATE;
case NRF_ERROR_BUSY:
return BLE_STACK_BUSY;
}
}
}
dm_init_param_t dm_init_param = {
.clear_persistent_data = false /* Set to true in case the module should clear all persistent data. */
};
if (dm_init(&dm_init_param) != NRF_SUCCESS) {
return BLE_ERROR_UNSPECIFIED;
}
const dm_application_param_t dm_param = {
.evt_handler = dm_handler,
.service_type = DM_PROTOCOL_CNTXT_GATT_CLI_ID,
.sec_param = {
.bond = enableBonding,/**< Perform bonding. */
.mitm = requireMITM, /**< Man In The Middle protection required. */
.io_caps = iocaps, /**< IO capabilities, see @ref BLE_GAP_IO_CAPS. */
.oob = 0, /**< Out Of Band data available. */
.min_key_size = 16, /**< Minimum encryption key size in octets between 7 and 16. If 0 then not applicable in this instance. */
.max_key_size = 16, /**< Maximum encryption key size in octets between min_key_size and 16. */
.kdist_periph = {
.enc = 1, /**< Long Term Key and Master Identification. */
.id = 1, /**< Identity Resolving Key and Identity Address Information. */
.sign = 1, /**< Connection Signature Resolving Key. */
}, /**< Key distribution bitmap: keys that the peripheral device will distribute. */
}
};
if ((rc = dm_register(&applicationInstance, &dm_param)) != NRF_SUCCESS) {
switch (rc) {
case NRF_ERROR_INVALID_STATE:
return BLE_ERROR_INVALID_STATE;
case NRF_ERROR_NO_MEM:
return BLE_ERROR_NO_MEM;
default:
return BLE_ERROR_UNSPECIFIED;
}
}
initialized = true;
return BLE_ERROR_NONE;
}
ble_error_t
btle_purgeAllBondingState(void)
{
ret_code_t rc;
if ((rc = dm_device_delete_all(&applicationInstance)) == NRF_SUCCESS) {
return BLE_ERROR_NONE;
}
switch (rc) {
case NRF_ERROR_INVALID_STATE:
return BLE_ERROR_INVALID_STATE;
case NRF_ERROR_NO_MEM:
return BLE_ERROR_NO_MEM;
default:
return BLE_ERROR_UNSPECIFIED;
}
}
ble_error_t
btle_getLinkSecurity(Gap::Handle_t connectionHandle, Gap::LinkSecurityStatus_t *securityStatusP)
{
ret_code_t rc;
dm_handle_t dmHandle = {
.appl_id = applicationInstance,
};
if ((rc = dm_handle_get(connectionHandle, &dmHandle)) != NRF_SUCCESS) {
if (rc == NRF_ERROR_NOT_FOUND) {
return BLE_ERROR_INVALID_PARAM;
} else {
return BLE_ERROR_UNSPECIFIED;
}
}
if ((rc = dm_security_status_req(&dmHandle, reinterpret_cast<dm_security_status_t *>(securityStatusP))) != NRF_SUCCESS) {
switch (rc) {
case NRF_ERROR_INVALID_STATE:
return BLE_ERROR_INVALID_STATE;
case NRF_ERROR_NO_MEM:
return BLE_ERROR_NO_MEM;
default:
return BLE_ERROR_UNSPECIFIED;
}
}
return BLE_ERROR_NONE;
}
ret_code_t
dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result)
{
switch (p_event->event_id) {
case DM_EVT_SECURITY_SETUP: /* started */ {
const ble_gap_sec_params_t *peerParams = &p_event->event_param.p_gap_param->params.sec_params_request.peer_params;
nRF51Gap::getInstance().processSecuritySetupInitiatedEvent(p_event->event_param.p_gap_param->conn_handle,
peerParams->bond,
peerParams->mitm,
(Gap::SecurityIOCapabilities_t)peerParams->io_caps);
break;
}
case DM_EVT_SECURITY_SETUP_COMPLETE:
nRF51Gap::getInstance().processSecuritySetupCompletedEvent(p_event->event_param.p_gap_param->conn_handle,
(Gap::SecurityCompletionStatus_t)(p_event->event_param.p_gap_param->params.auth_status.auth_status));
break;
case DM_EVT_LINK_SECURED: {
unsigned securityMode = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.sm;
unsigned level = p_event->event_param.p_gap_param->params.conn_sec_update.conn_sec.sec_mode.lv;
Gap::SecurityMode_t resolvedSecurityMode = Gap::SECURITY_MODE_NO_ACCESS;
switch (securityMode) {
case 1:
switch (level) {
case 1:
resolvedSecurityMode = Gap::SECURITY_MODE_ENCRYPTION_OPEN_LINK;
break;
case 2:
resolvedSecurityMode = Gap::SECURITY_MODE_ENCRYPTION_NO_MITM;
break;
case 3:
resolvedSecurityMode = Gap::SECURITY_MODE_ENCRYPTION_WITH_MITM;
break;
}
break;
case 2:
switch (level) {
case 1:
resolvedSecurityMode = Gap::SECURITY_MODE_SIGNED_NO_MITM;
break;
case 2:
resolvedSecurityMode = Gap::SECURITY_MODE_SIGNED_WITH_MITM;
break;
}
break;
}
nRF51Gap::getInstance().processLinkSecuredEvent(p_event->event_param.p_gap_param->conn_handle, resolvedSecurityMode);
break;
}
case DM_EVT_DEVICE_CONTEXT_STORED:
nRF51Gap::getInstance().processSecurityContextStoredEvent(p_event->event_param.p_gap_param->conn_handle);
break;
default:
break;
}
return NRF_SUCCESS;
}

64
btle/btle_security.h Normal file
View file

@ -0,0 +1,64 @@
/* mbed Microcontroller Library
* Copyright (c) 2006-2013 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _BTLE_SECURITY_H_
#define _BTLE_SECURITY_H_
#include "Gap.h"
/**
* Enable Nordic's Device Manager, which brings in functionality from the
* stack's Security Manager. The Security Manager implements the actual
* cryptographic algorithms and protocol exchanges that allow two devices to
* securely exchange data and privately detect each other.
*
* @param[in] enableBonding Allow for bonding.
* @param[in] requireMITM Require protection for man-in-the-middle attacks.
* @param[in] iocaps To specify IO capabilities of this peripheral,
* such as availability of a display or keyboard to
* support out-of-band exchanges of security data.
* @param[in] passkey To specify a static passkey.
*
* @return BLE_ERROR_NONE on success.
*/
ble_error_t btle_initializeSecurity(bool enableBonding = true,
bool requireMITM = true,
Gap::SecurityIOCapabilities_t iocaps = Gap::IO_CAPS_NONE,
const Gap::Passkey_t passkey = NULL);
/**
* Get the security status of a link.
*
* @param[in] connectionHandle
* Handle to identify the connection.
* @param[out] securityStatusP
* security status.
*
* @return BLE_SUCCESS Or appropriate error code indicating reason for failure.
*/
ble_error_t btle_getLinkSecurity(Gap::Handle_t connectionHandle, Gap::LinkSecurityStatus_t *securityStatusP);
/**
* Function for deleting all peer device context and all related bonding
* information from the database.
*
* @retval BLE_ERROR_NONE On success, else an error code indicating reason for failure.
* @retval BLE_ERROR_INVALID_STATE If the API is called without module initialization and/or
* application registration.
*/
ble_error_t btle_purgeAllBondingState(void);
#endif /* _BTLE_SECURITY_H_ */

View file

@ -191,22 +191,23 @@ error_t custom_decode_uuid_base(uint8_t const *const p_uuid_base,
@param[in] char_props The characteristic properties, as
defined by ble_gatt_char_props_t
@param[in] max_length The maximum length of this characeristic
@param[in] p_char_handle
@param[out] p_char_handle
@returns
@retval ERROR_NONE Everything executed normally
*/
/**************************************************************************/
error_t custom_add_in_characteristic(uint16_t service_handle,
ble_uuid_t *p_uuid,
uint8_t properties,
uint8_t *p_data,
uint16_t min_length,
uint16_t max_length,
const uint8_t *userDescriptionDescriptorValuePtr,
uint16_t userDescriptionDescriptorValueLen,
bool readAuthorization,
bool writeAuthorization,
error_t custom_add_in_characteristic(uint16_t service_handle,
ble_uuid_t *p_uuid,
uint8_t properties,
Gap::SecurityMode_t requiredSecurity,
uint8_t *p_data,
uint16_t min_length,
uint16_t max_length,
const uint8_t *userDescriptionDescriptorValuePtr,
uint16_t userDescriptionDescriptorValueLen,
bool readAuthorization,
bool writeAuthorization,
ble_gatts_char_handles_t *p_char_handle)
{
/* Characteristic metadata */
@ -244,11 +245,47 @@ error_t custom_add_in_characteristic(uint16_t service_handle,
attr_md.vlen = (min_length == max_length) ? 0 : 1;
if (char_props.read || char_props.notify || char_props.indicate) {
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
switch (requiredSecurity) {
case Gap::SECURITY_MODE_ENCRYPTION_OPEN_LINK :
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
break;
case Gap::SECURITY_MODE_ENCRYPTION_NO_MITM :
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.read_perm);
break;
case Gap::SECURITY_MODE_ENCRYPTION_WITH_MITM :
BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.read_perm);
break;
case Gap::SECURITY_MODE_SIGNED_NO_MITM :
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(&attr_md.read_perm);
break;
case Gap::SECURITY_MODE_SIGNED_WITH_MITM :
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(&attr_md.read_perm);
break;
default:
break;
};
}
if (char_props.write || char_props.write_wo_resp) {
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
switch (requiredSecurity) {
case Gap::SECURITY_MODE_ENCRYPTION_OPEN_LINK :
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
break;
case Gap::SECURITY_MODE_ENCRYPTION_NO_MITM :
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.write_perm);
break;
case Gap::SECURITY_MODE_ENCRYPTION_WITH_MITM :
BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.write_perm);
break;
case Gap::SECURITY_MODE_SIGNED_NO_MITM :
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(&attr_md.write_perm);
break;
case Gap::SECURITY_MODE_SIGNED_WITH_MITM :
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(&attr_md.write_perm);
break;
default:
break;
};
}
ble_gatts_attr_t attr_char_value = {0};

View file

@ -17,13 +17,14 @@
#ifndef _CUSTOM_HELPER_H_
#define _CUSTOM_HELPER_H_
#ifdef __cplusplus
extern "C" {
#endif
#include "common/common.h"
#include "ble.h"
#include "UUID.h"
#include "GattCharacteristic.h"
#ifdef __cplusplus
extern "C" {
#endif
uint8_t custom_add_uuid_base(uint8_t const *const p_uuid_base);
error_t custom_decode_uuid(uint8_t const *const p_uuid_base,
@ -33,6 +34,7 @@ ble_uuid_t custom_convert_to_nordic_uuid(const UUID &uuid);
error_t custom_add_in_characteristic(uint16_t service_handle,
ble_uuid_t *p_uuid,
uint8_t properties,
Gap::SecurityMode_t requiredSecurity,
uint8_t *p_data,
uint16_t min_length,
uint16_t max_length,

View file

@ -22,6 +22,8 @@
#include "BLEDevice.h"
#include "nRF51Gap.h"
#include "nRF51GattServer.h"
#include "btle.h"
#include "btle_security.h"
class nRF51822n : public BLEDeviceInstanceBase
{
@ -44,6 +46,12 @@ public:
virtual ble_error_t init(void);
virtual ble_error_t shutdown(void);
virtual ble_error_t reset(void);
virtual ble_error_t initializeSecurity(bool enableBonding = true,
bool requireMITM = true,
Gap::SecurityIOCapabilities_t iocaps = Gap::IO_CAPS_NONE,
const Gap::Passkey_t passkey = NULL) {
return btle_initializeSecurity(enableBonding, requireMITM, iocaps, passkey);
}
virtual void waitForEvent(void);
};

View file

@ -26,6 +26,7 @@
#include "nrf_soc.h"
#include "ble_radio_notification.h"
#include "btle_security.h"
/**************************************************************************/
/*!
@ -54,6 +55,11 @@ public:
virtual ble_error_t stopAdvertising(void);
virtual ble_error_t disconnect(DisconnectionReason_t reason);
virtual ble_error_t purgeAllBondingState(void) {return btle_purgeAllBondingState();}
virtual ble_error_t getLinkSecurity(Handle_t connectionHandle, LinkSecurityStatus_t *securityStatusP) {
return btle_getLinkSecurity(connectionHandle, securityStatusP);
}
virtual ble_error_t setDeviceName(const uint8_t *deviceName);
virtual ble_error_t getDeviceName(uint8_t *deviceName, unsigned *lengthP);
virtual ble_error_t setAppearance(uint16_t appearance);

View file

@ -86,6 +86,7 @@ ble_error_t nRF51GattServer::addService(GattService &service)
custom_add_in_characteristic(BLE_GATT_HANDLE_INVALID,
&nordicUUID,
p_char->getProperties(),
p_char->getRequiredSecurity(),
p_char->getValueAttribute().getValuePtr(),
p_char->getValueAttribute().getInitialLength(),
p_char->getValueAttribute().getMaxLength(),

View file

@ -71,6 +71,10 @@
#include "ble_gap.h"
#include "device_manager_cnfg.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @defgroup dm_service_cntext_types Service/Protocol Types
*
@ -881,6 +885,10 @@ ret_code_t dm_distributed_keys_get(dm_handle_t const * p_handle,
*/
ret_code_t dm_handle_get(uint16_t conn_handle, dm_handle_t * p_handle);
#ifdef __cplusplus
}
#endif
/** @} */
/** @} */
/** @} */