diff --git a/module.json b/module.json index f183df2..0c1b130 100644 --- a/module.json +++ b/module.json @@ -25,7 +25,7 @@ ], "dependencies": { "ble": "^2.3.0", - "nrf51-sdk": "^2.0.0" + "nrf51-sdk": "^2.1.0" }, "extraIncludes": [ "source/btle", diff --git a/source/btle/btle_security.cpp b/source/btle/btle_security.cpp index ba92fe7..a03dd4f 100644 --- a/source/btle/btle_security.cpp +++ b/source/btle/btle_security.cpp @@ -21,11 +21,13 @@ extern "C" { #include "pstorage.h" #include "device_manager.h" +#include "id_manager.h" } #include "btle_security.h" static dm_application_instance_t applicationInstance; +static bool initialized = false; static ret_code_t dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t event_result); // default security parameters @@ -43,6 +45,12 @@ static ble_gap_sec_params_t securityParameters = { }, /**< Key distribution bitmap: keys that the peripheral device will distribute. */ }; +bool +btle_hasInitializedSecurity(void) +{ + return initialized; +} + ble_error_t btle_initializeSecurity(bool enableBonding, bool requireMITM, @@ -50,7 +58,6 @@ btle_initializeSecurity(bool enableBonding, const SecurityManager::Passkey_t passkey) { /* guard against multiple initializations */ - static bool initialized = false; if (initialized) { return BLE_ERROR_NONE; } @@ -262,3 +269,27 @@ dm_handler(dm_handle_t const *p_handle, dm_event_t const *p_event, ret_code_t ev return NRF_SUCCESS; } + +ble_error_t +btle_createWhitelistFromBondTable(ble_gap_whitelist_t *p_whitelist) +{ + ret_code_t err = dm_whitelist_create(&applicationInstance, p_whitelist); + if (err == NRF_SUCCESS) { + return BLE_ERROR_NONE; + } else if (err == NRF_ERROR_NULL) { + return BLE_ERROR_PARAM_OUT_OF_RANGE; + } else { + return BLE_ERROR_INVALID_STATE; + } +} + + +bool +btle_matchAddressAndIrk(ble_gap_addr_t const * p_addr, ble_gap_irk_t const * p_irk) +{ + /* + * Use a helper function from the Nordic SDK to test whether the BLE + * address can be generated using the IRK. + */ + return im_address_resolve(p_addr, p_irk); +} diff --git a/source/btle/btle_security.h b/source/btle/btle_security.h index b3e4b07..54f5f5e 100644 --- a/source/btle/btle_security.h +++ b/source/btle/btle_security.h @@ -20,6 +20,15 @@ #include "ble/Gap.h" #include "ble/SecurityManager.h" +/** + * Function to test whether the SecurityManager has been initialized. + * Possible by a call to @ref btle_initializeSecurity(). + * + * @return True if the SecurityManager was previously initialized, false + * otherwise. + */ +bool btle_hasInitializedSecurity(void); + /** * Enable Nordic's Device Manager, which brings in functionality from the * stack's Security Manager. The Security Manager implements the actual @@ -75,4 +84,31 @@ ble_error_t btle_setLinkSecurity(Gap::Handle_t connectionHandle, SecurityManager */ ble_error_t btle_purgeAllBondingState(void); +/** + * Query the SoftDevice bond table to extract a whitelist containing the BLE + * addresses and IRKs of bonded devices. + * + * @param[in/out] p_whitelist + * (on input) p_whitelist->addr_count and + * p_whitelist->irk_count specify the maximum number of + * addresses and IRKs added to the whitelist structure. + * (on output) *p_whitelist is a whitelist containing the + * addresses and IRKs of the bonded devices. + * + * @return BLE_ERROR_NONE Or appropriate error code indicating reason for failure. + */ +ble_error_t btle_createWhitelistFromBondTable(ble_gap_whitelist_t *p_whitelist); + +/** + * Function to test whether a BLE address is generated using an IRK. + * + * @param[in] p_addr + * Pointer to a BLE address. + * @param[in] p_irk + * Pointer to an IRK. + * + * @return True if p_addr can be generated using p_irk, false otherwise. + */ +bool btle_matchAddressAndIrk(ble_gap_addr_t const * p_addr, ble_gap_irk_t const * p_irk); + #endif /* _BTLE_SECURITY_H_ */ diff --git a/source/nRF5xGap.cpp b/source/nRF5xGap.cpp index 9ec7522..d96dc92 100644 --- a/source/nRF5xGap.cpp +++ b/source/nRF5xGap.cpp @@ -168,13 +168,31 @@ ble_error_t nRF5xGap::startAdvertising(const GapAdvertisingParams ¶ms) return BLE_ERROR_PARAM_OUT_OF_RANGE; } + /* Allocate the stack's whitelist statically */ + ble_gap_whitelist_t whitelist; + ble_gap_addr_t *whitelistAddressPtrs[YOTTA_CFG_WHITELIST_MAX_SIZE]; + ble_gap_irk_t *whitelistIrkPtrs[YOTTA_CFG_IRK_TABLE_MAX_SIZE]; + /* Initialize the whitelist */ + whitelist.pp_addrs = whitelistAddressPtrs; + whitelist.pp_irks = whitelistIrkPtrs; + whitelist.addr_count = 0; + whitelist.irk_count = 0; + + /* Add missing IRKs to whitelist from the bond table held by the SoftDevice */ + if (advertisingPolicyMode != Gap::ADV_POLICY_IGNORE_WHITELIST) { + ble_error_t error = generateStackWhitelist(whitelist); + if (error != BLE_ERROR_NONE) { + return error; + } + } + /* Start Advertising */ ble_gap_adv_params_t adv_para = {0}; adv_para.type = params.getAdvertisingType(); adv_para.p_peer_addr = NULL; // Undirected advertisement - adv_para.fp = BLE_GAP_ADV_FP_ANY; - adv_para.p_whitelist = NULL; + adv_para.fp = advertisingPolicyMode; + adv_para.p_whitelist = &whitelist; adv_para.interval = params.getIntervalInADVUnits(); // advertising interval (in units of 0.625 ms) adv_para.timeout = params.getTimeout(); @@ -185,6 +203,53 @@ ble_error_t nRF5xGap::startAdvertising(const GapAdvertisingParams ¶ms) return BLE_ERROR_NONE; } +/* Observer role is not supported by S110, return BLE_ERROR_NOT_IMPLEMENTED */ +#if !defined(TARGET_MCU_NRF51_16K_S110) && !defined(TARGET_MCU_NRF51_32K_S110) +ble_error_t nRF5xGap::startRadioScan(const GapScanningParams &scanningParams) +{ + /* Allocate the stack's whitelist statically */ + ble_gap_whitelist_t whitelist; + ble_gap_addr_t *whitelistAddressPtrs[YOTTA_CFG_WHITELIST_MAX_SIZE]; + ble_gap_irk_t *whitelistIrkPtrs[YOTTA_CFG_IRK_TABLE_MAX_SIZE]; + /* Initialize the whitelist */ + whitelist.pp_addrs = whitelistAddressPtrs; + whitelist.pp_irks = whitelistIrkPtrs; + whitelist.addr_count = 0; + whitelist.irk_count = 0; + + /* Add missing IRKs to whitelist from the bond table held by the SoftDevice */ + if (scanningPolicyMode != Gap::SCAN_POLICY_IGNORE_WHITELIST) { + ble_error_t error = generateStackWhitelist(whitelist); + if (error != BLE_ERROR_NONE) { + return error; + } + } + + ble_gap_scan_params_t scanParams = { + .active = scanningParams.getActiveScanning(), /**< If 1, perform active scanning (scan requests). */ + .selective = scanningPolicyMode, /**< If 1, ignore unknown devices (non whitelisted). */ + .p_whitelist = &whitelist, /**< Pointer to whitelist, NULL if none is given. */ + .interval = scanningParams.getInterval(), /**< Scan interval between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */ + .window = scanningParams.getWindow(), /**< Scan window between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */ + .timeout = scanningParams.getTimeout(), /**< Scan timeout between 0x0001 and 0xFFFF in seconds, 0x0000 disables timeout. */ + }; + + if (sd_ble_gap_scan_start(&scanParams) != NRF_SUCCESS) { + return BLE_ERROR_PARAM_OUT_OF_RANGE; + } + + return BLE_ERROR_NONE; +} + +ble_error_t nRF5xGap::stopScan(void) { + if (sd_ble_gap_scan_stop() == NRF_SUCCESS) { + return BLE_ERROR_NONE; + } + + return BLE_STACK_BUSY; +} +#endif + /**************************************************************************/ /*! @brief Stops the BLE HW and disconnects from any devices @@ -233,9 +298,27 @@ ble_error_t nRF5xGap::connect(const Address_t peerAddr, connParams.conn_sup_timeout = 600; } + /* Allocate the stack's whitelist statically */ + ble_gap_whitelist_t whitelist; + ble_gap_addr_t *whitelistAddressPtrs[YOTTA_CFG_WHITELIST_MAX_SIZE]; + ble_gap_irk_t *whitelistIrkPtrs[YOTTA_CFG_IRK_TABLE_MAX_SIZE]; + /* Initialize the whitelist */ + whitelist.pp_addrs = whitelistAddressPtrs; + whitelist.pp_irks = whitelistIrkPtrs; + whitelist.addr_count = 0; + whitelist.irk_count = 0; + + /* Add missing IRKs to whitelist from the bond table held by the SoftDevice */ + if (scanningPolicyMode != Gap::SCAN_POLICY_IGNORE_WHITELIST) { + ble_error_t error = generateStackWhitelist(whitelist); + if (error != BLE_ERROR_NONE) { + return error; + } + } + ble_gap_scan_params_t scanParams; - scanParams.selective = 0; /**< If 1, ignore unknown devices (non whitelisted). */ - scanParams.p_whitelist = NULL; /**< Pointer to whitelist, NULL if none is given. */ + scanParams.selective = scanningPolicyMode; /**< If 1, ignore unknown devices (non whitelisted). */ + scanParams.p_whitelist = &whitelist; /**< Pointer to whitelist, NULL if none is given. */ if (scanParamsIn != NULL) { scanParams.active = scanParamsIn->getActiveScanning(); /**< If 1, perform active scanning (scan requests). */ scanParams.interval = scanParamsIn->getInterval(); /**< Scan interval between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */ @@ -357,6 +440,13 @@ ble_error_t nRF5xGap::reset(void) /* Clear derived class members */ m_connectionHandle = BLE_CONN_HANDLE_INVALID; + /* Set the whitelist policy filter modes to IGNORE_WHITELIST */ + advertisingPolicyMode = Gap::ADV_POLICY_IGNORE_WHITELIST; + scanningPolicyMode = Gap::SCAN_POLICY_IGNORE_WHITELIST; + + /* Clear the internal whitelist */ + whitelistAddressesSize = 0; + return BLE_ERROR_NONE; } @@ -507,3 +597,342 @@ void nRF5xGap::getPermittedTxPowerValues(const int8_t **valueArrayPP, size_t *co *valueArrayPP = permittedTxValues; *countP = sizeof(permittedTxValues) / sizeof(int8_t); } + +/**************************************************************************/ +/*! + @brief Get the capacity of the internal whitelist maintained by this + implementation. + + @returns The capacity of the internal whitelist. + + @section EXAMPLE + + @code + + @endcode +*/ +/**************************************************************************/ +uint8_t nRF5xGap::getMaxWhitelistSize(void) const +{ + return YOTTA_CFG_WHITELIST_MAX_SIZE; +} + +/**************************************************************************/ +/*! + @brief Get a copy of the implementation's internal whitelist. + + @param[out] whitelistOut + A \ref Gap::Whitelist_t structure containing a copy of the + addresses in the implemenetation's internal whitelist. + + @returns \ref ble_errror_t + + @retval BLE_ERROR_NONE + Everything executed properly. + + @section EXAMPLE + + @code + + @endcode +*/ +/**************************************************************************/ +ble_error_t nRF5xGap::getWhitelist(Gap::Whitelist_t &whitelistOut) const +{ + uint8_t i; + for (i = 0; i < whitelistAddressesSize && i < whitelistOut.capacity; ++i) { + memcpy(&whitelistOut.addresses[i], &whitelistAddresses[i], sizeof(BLEProtocol::Address_t)); + } + whitelistOut.size = i; + + return BLE_ERROR_NONE; +} + +/**************************************************************************/ +/*! + @brief Set the whitelist that will be used in the next call to + startAdvertising(). + + @param[in] whitelistIn + A reference to a \ref Gap::Whitelist_t structure + representing a whitelist containing all the white listed + BLE addresses. + + @returns \ref ble_errror_t + + @retval BLE_ERROR_NONE + Everything executed properly. + + BLE_ERROR_INVALID_PARAM + The supplied whitelist contains a private non-resolvable + address + + BLE_ERROR_PARAM_OUT_OF_RANGE + The size of the supplied whitelist exceeds the maximum + capacity of the implementation's internal whitelist. + + @section EXAMPLE + + @code + + @endcode +*/ +/**************************************************************************/ +ble_error_t nRF5xGap::setWhitelist(const Gap::Whitelist_t &whitelistIn) +{ + if (whitelistIn.size > getMaxWhitelistSize()) { + return BLE_ERROR_PARAM_OUT_OF_RANGE; + } + + /* Test for invalid parameters before we change the internal state */ + for (uint8_t i = 0; i < whitelistIn.size; ++i) { + if (whitelistIn.addresses[i].type == BLEProtocol::AddressType_t::RANDOM_PRIVATE_NON_RESOLVABLE) { + /* This is not allowed because it is completely meaningless */ + return BLE_ERROR_INVALID_PARAM; + } + } + + whitelistAddressesSize = 0; + for (uint8_t i = 0; i < whitelistIn.size; ++i) { + memcpy(&whitelistAddresses[whitelistAddressesSize], &whitelistIn.addresses[i], sizeof(BLEProtocol::Address_t)); + whitelistAddressesSize++; + } + + return BLE_ERROR_NONE; +} + +/**************************************************************************/ +/*! + @brief Set the advertising policy filter mode that will be used in + the next call to startAdvertising(). + + @returns \ref ble_errror_t + + @retval BLE_ERROR_NONE + Everything executed properly. + + BLE_ERROR_NOT_IMPLEMENTED + This feature is currently note implemented. + + @section EXAMPLE + + @code + + @endcode +*/ +/**************************************************************************/ +ble_error_t nRF5xGap::setAdvertisingPolicyMode(Gap::AdvertisingPolicyMode_t mode) +{ + advertisingPolicyMode = mode; + + return BLE_ERROR_NONE; +} + +/**************************************************************************/ +/*! + @brief Set the scanning policy filter mode that will be used in + the next call to startAdvertising(). + + @returns \ref ble_errror_t + + @retval BLE_ERROR_NONE + Everything executed properly. + + BLE_ERROR_NOT_IMPLEMENTED + This feature is currently note implemented. + + @section EXAMPLE + + @code + + @endcode +*/ +/**************************************************************************/ +ble_error_t nRF5xGap::setScanningPolicyMode(Gap::ScanningPolicyMode_t mode) +{ + scanningPolicyMode = mode; + + return BLE_ERROR_NONE; +} + +/**************************************************************************/ +/*! + @brief Set the initiator policy filter mode that will be used in + the next call to startAdvertising() + + @returns \ref ble_errror_t + + @retval BLE_ERROR_NONE + Everything executed properly. + + BLE_ERROR_NOT_IMPLEMENTED + This feature is currently note implemented. + + @section EXAMPLE + + @code + + @endcode +*/ +/**************************************************************************/ +ble_error_t nRF5xGap::setInitiatorPolicyMode(Gap::InitiatorPolicyMode_t mode) +{ + return BLE_ERROR_NOT_IMPLEMENTED; +} + +/**************************************************************************/ +/*! + @brief Get the current advertising policy filter mode. + + @returns The advertising policy filter mode. + + @section EXAMPLE + + @code + + @endcode +*/ +/**************************************************************************/ +Gap::AdvertisingPolicyMode_t nRF5xGap::getAdvertisingPolicyMode(void) const +{ + return advertisingPolicyMode; +} + +/**************************************************************************/ +/*! + @brief Get the current scanning policy filter mode. + + @returns The scanning policy filter mode. + + @section EXAMPLE + + @code + + @endcode +*/ +/**************************************************************************/ +Gap::ScanningPolicyMode_t nRF5xGap::getScanningPolicyMode(void) const +{ + return scanningPolicyMode; +} + +/**************************************************************************/ +/*! + @brief Get the current initiator policy filter mode. + + @returns The initiator policy filter mode. + + @note Currently initiator filtering using the whitelist is not + implemented in this module. + + @section EXAMPLE + + @code + + @endcode +*/ +/**************************************************************************/ +Gap::InitiatorPolicyMode_t nRF5xGap::getInitiatorPolicyMode(void) const +{ + return Gap::INIT_POLICY_IGNORE_WHITELIST; +} + +/**************************************************************************/ +/*! + @brief Helper function used to populate the ble_gap_whitelist_t that + will be used by the SoftDevice for filtering requests. + + @returns \ref ble_error_t + + @retval BLE_ERROR_NONE + Everything executed properly + + @retval BLE_ERROR_INVALID_STATE + The internal stack was not initialized correctly. + + @note Both the SecurityManager and Gap must initialize correctly for + this function to succeed. + + @note This function is needed because for the BLE API the whitelist + is just a collection of keys, but for the stack it also includes + the IRK table. + + @section EXAMPLE + + @code + + @endcode +*/ +/**************************************************************************/ +ble_error_t nRF5xGap::generateStackWhitelist(ble_gap_whitelist_t &whitelist) +{ + ble_gap_whitelist_t whitelistFromBondTable; + ble_gap_addr_t *addressPtr[1]; + ble_gap_irk_t *irkPtr[YOTTA_CFG_IRK_TABLE_MAX_SIZE]; + + nRF5xSecurityManager& securityManager = (nRF5xSecurityManager&) nRF5xn::Instance(0).getSecurityManager(); + + if (securityManager.hasInitialized()) { + /* We do not care about the addresses, set the count to 0 */ + whitelistFromBondTable.addr_count = 0; + /* The Nordic SDK will return a failure if we set pp_addr to NULL */ + whitelistFromBondTable.pp_addrs = addressPtr; + /* We want all the IRKs we can get because we do not know which ones match the addresses */ + whitelistFromBondTable.irk_count = YOTTA_CFG_IRK_TABLE_MAX_SIZE; + whitelistFromBondTable.pp_irks = irkPtr; + + /* Use the security manager to get the IRKs from the bond table */ + ble_error_t error = securityManager.createWhitelistFromBondTable(whitelistFromBondTable); + if (error != BLE_ERROR_NONE) { + return error; + } + } else { + /** + * If there is no security manager then we cannot access the bond table, + * so disable IRK matching + */ + whitelistFromBondTable.addr_count = 0; + whitelistFromBondTable.irk_count = 0; + } + + /** + * For every private resolvable address in the local whitelist check if + * there is an IRK for said address in the bond table and add it to the + * local IRK list. + */ + whitelist.irk_count = 0; + whitelist.addr_count = 0; + for (uint8_t i = 0; i < whitelistAddressesSize; ++i) { + if (whitelistAddresses[i].addr_type == BLEProtocol::AddressType_t::RANDOM_PRIVATE_RESOLVABLE) { + /* Test if there is a matching IRK for this private resolvable address */ + for (uint8_t j = 0; j < whitelistFromBondTable.irk_count; ++j) { + if (securityManager.matchAddressAndIrk(&whitelistAddresses[i], whitelistFromBondTable.pp_irks[j])) { + /* Found the corresponding IRK, add it to our local whitelist */ + whitelist.pp_irks[whitelist.irk_count] = whitelistFromBondTable.pp_irks[j]; + whitelist.irk_count++; + /* Make sure we do not look at this IRK again */ + if (j != whitelistFromBondTable.irk_count - 1) { + /** + * This is not the last IRK, so replace the pointer + * with the last pointer in the array + */ + whitelistFromBondTable.pp_irks[j] = + whitelistFromBondTable.pp_irks[whitelistFromBondTable.irk_count - 1]; + } + /** + * If the IRK is the last pointer in the array simply + * decrement the total IRK count + */ + whitelistFromBondTable.irk_count--; + break; + } + } + } else { + /* Include the address into the whitelist */ + whitelist.pp_addrs[whitelist.addr_count] = &whitelistAddresses[i]; + whitelist.addr_count++; + } + } + + return BLE_ERROR_NONE; +} diff --git a/source/nRF5xGap.h b/source/nRF5xGap.h index c972b1c..e9a2d92 100644 --- a/source/nRF5xGap.h +++ b/source/nRF5xGap.h @@ -22,6 +22,18 @@ #else #include "mbed.h" #endif +#ifndef YOTTA_CFG_WHITELIST_MAX_SIZE + #define YOTTA_CFG_WHITELIST_MAX_SIZE BLE_GAP_WHITELIST_ADDR_MAX_COUNT +#elif YOTTA_CFG_WHITELIST_MAX_SIZE > BLE_GAP_WHITELIST_ADDR_MAX_COUNT + #undef YOTTA_CFG_WHITELIST_MAX_SIZE + #define YOTTA_CFG_WHITELIST_MAX_SIZE BLE_GAP_WHITELIST_ADDR_MAX_COUNT +#endif +#ifndef YOTTA_CFG_IRK_TABLE_MAX_SIZE + #define YOTTA_CFG_IRK_TABLE_MAX_SIZE BLE_GAP_WHITELIST_IRK_MAX_COUNT +#elif YOTTA_CFG_IRK_TABLE_MAX_SIZE > BLE_GAP_WHITELIST_IRK_MAX_COUNT + #undef YOTTA_CFG_IRK_TABLE_MAX_SIZE + #define YOTTA_CFG_IRK_TABLE_MAX_SIZE BLE_GAP_WHITELIST_IRK_MAX_COUNT +#endif #include "ble/blecommon.h" #include "ble.h" #include "ble/GapAdvertisingParams.h" @@ -80,6 +92,21 @@ public: virtual ble_error_t reset(void); + /* + * The following functions are part of the whitelisting experimental API. + * Therefore, this functionality can change in the near future. + */ + virtual uint8_t getMaxWhitelistSize(void) const; + virtual ble_error_t getWhitelist(Gap::Whitelist_t &whitelistOut) const; + virtual ble_error_t setWhitelist(const Gap::Whitelist_t &whitelistIn); + + virtual ble_error_t setAdvertisingPolicyMode(AdvertisingPolicyMode_t mode); + virtual ble_error_t setScanningPolicyMode(ScanningPolicyMode_t mode); + virtual ble_error_t setInitiatorPolicyMode(InitiatorPolicyMode_t mode); + virtual Gap::AdvertisingPolicyMode_t getAdvertisingPolicyMode(void) const; + virtual Gap::ScanningPolicyMode_t getScanningPolicyMode(void) const; + virtual Gap::InitiatorPolicyMode_t getInitiatorPolicyMode(void) const; + virtual ble_error_t initRadioNotification(void) { if (ble_radio_notification_init(NRF_APP_PRIORITY_HIGH, NRF_RADIO_NOTIFICATION_DISTANCE_800US, radioNotificationStaticCallback) == NRF_SUCCESS) { return BLE_ERROR_NONE; @@ -90,32 +117,31 @@ public: /* Observer role is not supported by S110, return BLE_ERROR_NOT_IMPLEMENTED */ #if !defined(TARGET_MCU_NRF51_16K_S110) && !defined(TARGET_MCU_NRF51_32K_S110) - virtual ble_error_t startRadioScan(const GapScanningParams &scanningParams) { - ble_gap_scan_params_t scanParams = { - .active = scanningParams.getActiveScanning(), /**< If 1, perform active scanning (scan requests). */ - .selective = 0, /**< If 1, ignore unknown devices (non whitelisted). */ - .p_whitelist = NULL, /**< Pointer to whitelist, NULL if none is given. */ - .interval = scanningParams.getInterval(), /**< Scan interval between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */ - .window = scanningParams.getWindow(), /**< Scan window between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */ - .timeout = scanningParams.getTimeout(), /**< Scan timeout between 0x0001 and 0xFFFF in seconds, 0x0000 disables timeout. */ - }; - - if (sd_ble_gap_scan_start(&scanParams) != NRF_SUCCESS) { - return BLE_ERROR_PARAM_OUT_OF_RANGE; - } - - return BLE_ERROR_NONE; - } - - virtual ble_error_t stopScan(void) { - if (sd_ble_gap_scan_stop() == NRF_SUCCESS) { - return BLE_ERROR_NONE; - } - - return BLE_STACK_BUSY; - } + virtual ble_error_t startRadioScan(const GapScanningParams &scanningParams); + virtual ble_error_t stopScan(void); #endif +private: + /* + * Whitelisting API related structures and helper functions. + */ + + /* Policy modes set by the user. By default these are set to ignore the whitelist */ + Gap::AdvertisingPolicyMode_t advertisingPolicyMode; + Gap::ScanningPolicyMode_t scanningPolicyMode; + + /* Internal representation of a whitelist */ + uint8_t whitelistAddressesSize; + ble_gap_addr_t whitelistAddresses[YOTTA_CFG_WHITELIST_MAX_SIZE]; + + /* + * An internal function used to populate the ble_gap_whitelist_t that will be used by + * the SoftDevice for filtering requests. This function is needed because for the BLE + * API the whitelist is just a collection of keys, but for the stack it also includes + * the IRK table. + */ + ble_error_t generateStackWhitelist(ble_gap_whitelist_t &whitelist); + private: bool radioNotificationCallbackParam; /* parameter to be passed into the Timeout-generated radio notification callback. */ Timeout radioNotificationTimeout; @@ -206,7 +232,10 @@ private: */ friend class nRF5xn; - nRF5xGap() { + nRF5xGap() : + advertisingPolicyMode(Gap::ADV_POLICY_IGNORE_WHITELIST), + scanningPolicyMode(Gap::SCAN_POLICY_IGNORE_WHITELIST), + whitelistAddressesSize(0) { m_connectionHandle = BLE_CONN_HANDLE_INVALID; } diff --git a/source/nRF5xSecurityManager.h b/source/nRF5xSecurityManager.h index 4c30841..63a1ef4 100644 --- a/source/nRF5xSecurityManager.h +++ b/source/nRF5xSecurityManager.h @@ -19,6 +19,7 @@ #include +#include "nRF5xGap.h" #include "ble/SecurityManager.h" #include "btle_security.h" @@ -60,6 +61,10 @@ public: return BLE_ERROR_NONE; } + bool hasInitialized(void) const { + return btle_hasInitializedSecurity(); + } + public: /* * Allow instantiation from nRF5xn when required. @@ -73,6 +78,30 @@ public: private: nRF5xSecurityManager(const nRF5xSecurityManager &); const nRF5xSecurityManager& operator=(const nRF5xSecurityManager &); + + /* + * Expose an interface that allows us to query the SoftDevice bond table + * and extract a whitelist. + */ + ble_error_t createWhitelistFromBondTable(ble_gap_whitelist_t &whitelistFromBondTable) const { + return btle_createWhitelistFromBondTable(&whitelistFromBondTable); + } + + /* + * Given a BLE address and a IRK this function check whether the address + * can be generated from the IRK. To do so, this function uses the hash + * function and algorithm described in the Bluetooth low Energy + * Specification. Internally, Nordic SDK functions are used. + */ + bool matchAddressAndIrk(ble_gap_addr_t *address, ble_gap_irk_t *irk) const { + return btle_matchAddressAndIrk(address, irk); + } + + /* + * Give nRF5xGap access to createWhitelistFromBondTable() and + * matchAddressAndIrk() + */ + friend class nRF5xGap; }; #endif // ifndef __NRF51822_SECURITY_MANAGER_H__