mirror of https://github.com/ARMmbed/mbed-os.git
nRF5: whitelisting update fo SD API >-3.x.x
parent
8aa71fa47a
commit
42fcae481a
|
@ -28,6 +28,7 @@
|
||||||
|
|
||||||
#if (NRF_SD_BLE_API_VERSION >= 3)
|
#if (NRF_SD_BLE_API_VERSION >= 3)
|
||||||
#include "peer_manager.h"
|
#include "peer_manager.h"
|
||||||
|
#include "peer_data_storage.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
@ -192,9 +193,7 @@ ble_error_t nRF5xGap::startAdvertising(const GapAdvertisingParams ¶ms)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
gapAdrHelper_t gapAdrHelper;
|
err = updateWhiteAndIdentityListInStack();
|
||||||
getStackWhiteIdentityList(gapAdrHelper);
|
|
||||||
err = apllyWhiteIdentityList(gapAdrHelper);
|
|
||||||
|
|
||||||
if (err != BLE_ERROR_NONE) {
|
if (err != BLE_ERROR_NONE) {
|
||||||
return (ble_error_t)err;
|
return (ble_error_t)err;
|
||||||
|
@ -247,9 +246,7 @@ ble_error_t nRF5xGap::startRadioScan(const GapScanningParams &scanningParams)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
gapAdrHelper_t gapAdrHelper;
|
uint32_t err = updateWhiteAndIdentityListInStack();
|
||||||
getStackWhiteIdentityList(gapAdrHelper);
|
|
||||||
uint32_t err = apllyWhiteIdentityList(gapAdrHelper);
|
|
||||||
|
|
||||||
if (err != BLE_ERROR_NONE) {
|
if (err != BLE_ERROR_NONE) {
|
||||||
return (ble_error_t)err;
|
return (ble_error_t)err;
|
||||||
|
@ -262,6 +259,11 @@ ble_error_t nRF5xGap::startRadioScan(const GapScanningParams &scanningParams)
|
||||||
#if (NRF_SD_BLE_API_VERSION <= 2)
|
#if (NRF_SD_BLE_API_VERSION <= 2)
|
||||||
scanParams.selective = scanningPolicyMode; /**< If 1, ignore unknown devices (non whitelisted). */
|
scanParams.selective = scanningPolicyMode; /**< If 1, ignore unknown devices (non whitelisted). */
|
||||||
scanParams.p_whitelist = &whitelist; /**< Pointer to whitelist, NULL if none is given. */
|
scanParams.p_whitelist = &whitelist; /**< Pointer to whitelist, NULL if none is given. */
|
||||||
|
#else
|
||||||
|
scanParams.use_whitelist = scanningPolicyMode;
|
||||||
|
scanParams.adv_dir_report = 0;
|
||||||
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
scanParams.interval = scanningParams.getInterval(); /**< Scan interval between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
|
scanParams.interval = scanningParams.getInterval(); /**< Scan interval between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
|
||||||
scanParams.window = scanningParams.getWindow(); /**< Scan window between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
|
scanParams.window = scanningParams.getWindow(); /**< Scan window between 0x0004 and 0x4000 in 0.625ms units (2.5ms to 10.24s). */
|
||||||
|
@ -350,9 +352,7 @@ ble_error_t nRF5xGap::connect(const Address_t peerAddr,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
gapAdrHelper_t gapAdrHelper;
|
uint32_t err = updateWhiteAndIdentityListInStack();
|
||||||
getStackWhiteIdentityList(gapAdrHelper);
|
|
||||||
uint32_t err = apllyWhiteIdentityList(gapAdrHelper);
|
|
||||||
|
|
||||||
if (err != BLE_ERROR_NONE) {
|
if (err != BLE_ERROR_NONE) {
|
||||||
return (ble_error_t)err;
|
return (ble_error_t)err;
|
||||||
|
@ -363,6 +363,9 @@ ble_error_t nRF5xGap::connect(const Address_t peerAddr,
|
||||||
#if (NRF_SD_BLE_API_VERSION <= 2)
|
#if (NRF_SD_BLE_API_VERSION <= 2)
|
||||||
scanParams.selective = scanningPolicyMode; /**< If 1, ignore unknown devices (non whitelisted). */
|
scanParams.selective = scanningPolicyMode; /**< If 1, ignore unknown devices (non whitelisted). */
|
||||||
scanParams.p_whitelist = &whitelist; /**< Pointer to whitelist, NULL if none is given. */
|
scanParams.p_whitelist = &whitelist; /**< Pointer to whitelist, NULL if none is given. */
|
||||||
|
#else
|
||||||
|
scanParams.use_whitelist = scanningPolicyMode;
|
||||||
|
scanParams.adv_dir_report = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (scanParamsIn != NULL) {
|
if (scanParamsIn != NULL) {
|
||||||
|
@ -1016,31 +1019,123 @@ ble_error_t nRF5xGap::generateStackWhitelist(ble_gap_whitelist_t &whitelist)
|
||||||
|
|
||||||
#if (NRF_SD_BLE_API_VERSION >= 3)
|
#if (NRF_SD_BLE_API_VERSION >= 3)
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fuction for preparing setting of the whitelist-feature and identiti-reseolv-feature (privacy).
|
||||||
|
*
|
||||||
|
* Created setting are intended to be used to configure SoftDevices.
|
||||||
|
*
|
||||||
|
* @param[out] gapAdrHelper Reference to the struct for storing settings.
|
||||||
|
*/
|
||||||
|
|
||||||
ble_error_t nRF5xGap::getStackWhiteIdentityList(gapAdrHelper_t &gapAdrHelper)
|
ble_error_t nRF5xGap::getStackWhiteIdentityList(GapWhiteAndIdentityList_t &gapAdrHelper)
|
||||||
{
|
{
|
||||||
// it's a mock
|
uint32_t peers_to_check = pm_peer_count();
|
||||||
//@todo non trivial implementation
|
pm_peer_id_t peer_id;
|
||||||
gapAdrHelper.num_of_whitelist_items = 0;
|
|
||||||
gapAdrHelper.num_of_identiti_items = 0;
|
ret_code_t ret;
|
||||||
|
|
||||||
|
pm_peer_data_bonding_t bond_data;
|
||||||
|
pm_peer_data_t peer_data;
|
||||||
|
uint32_t const buf_size = sizeof(bond_data);
|
||||||
|
|
||||||
|
memset(&peer_data, 0x00, sizeof(peer_data));
|
||||||
|
peer_data.p_bonding_data = &bond_data;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
uint8_t irk_fund[YOTTA_CFG_WHITELIST_MAX_SIZE];
|
||||||
|
|
||||||
|
memset(irk_fund, 0x00, sizeof(irk_fund));
|
||||||
|
|
||||||
|
|
||||||
|
gapAdrHelper.identities_cnt = 0;
|
||||||
|
|
||||||
|
|
||||||
|
peer_id = pm_next_peer_id_get(PM_PEER_ID_INVALID);
|
||||||
|
|
||||||
|
nRF5xSecurityManager& securityManager = (nRF5xSecurityManager&) nRF5xn::Instance(0).getSecurityManager();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Build identities list:
|
||||||
|
* For every private resolvable address in the bond table check if
|
||||||
|
* there is maching address in th provided whitelist.
|
||||||
|
*/
|
||||||
|
while ((peer_id != PM_PEER_ID_INVALID) && (peers_to_check--))
|
||||||
|
{
|
||||||
|
memset(&bond_data, 0x00, sizeof(bond_data));
|
||||||
|
|
||||||
|
// Read peer data from flash.
|
||||||
|
ret = pds_peer_data_read(peer_id, PM_PEER_DATA_ID_BONDING,
|
||||||
|
&peer_data, &buf_size);
|
||||||
|
|
||||||
|
|
||||||
|
if ((ret == NRF_ERROR_NOT_FOUND) || (ret == NRF_ERROR_INVALID_PARAM))
|
||||||
|
{
|
||||||
|
// Peer data coulnd't be found in flash or peer ID is not valid.
|
||||||
|
return BLE_ERROR_UNSPECIFIED;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( bond_data.peer_ble_id.id_addr_info.addr_type == BLEProtocol::AddressType::RANDOM_PRIVATE_RESOLVABLE)
|
||||||
|
{
|
||||||
|
for (uint8_t i = 0; i < whitelistAddressesSize; ++i)
|
||||||
|
{
|
||||||
|
if (!irk_fund[i])
|
||||||
|
{
|
||||||
|
if (whitelistAddresses[i].addr_type == BLEProtocol::AddressType::RANDOM_PRIVATE_RESOLVABLE)
|
||||||
|
{
|
||||||
|
|
||||||
|
//ble_gap_irk_t *p_dfg = &bond_data.peer_ble_id.id_info;
|
||||||
|
if (securityManager.matchAddressAndIrk(&whitelistAddresses[i], &bond_data.peer_ble_id.id_info))
|
||||||
|
{
|
||||||
|
// Copy data to the buffer.
|
||||||
|
memcpy(&gapAdrHelper.identity[i], &bond_data.peer_ble_id, sizeof(ble_gap_id_key_t));
|
||||||
|
gapAdrHelper.pp_identities[i] = &gapAdrHelper.identity[i];
|
||||||
|
gapAdrHelper.identities_cnt++;
|
||||||
|
|
||||||
|
irk_fund[i] = 1; // don't look at this address again
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// get next peer id
|
||||||
|
peer_id = pm_next_peer_id_get(peer_id);
|
||||||
|
}
|
||||||
|
|
||||||
|
gapAdrHelper.addr_cnt = 0;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Bulida whitelist from the rest of addresses (explicite addressess6)
|
||||||
|
*/
|
||||||
|
for (uint8_t i = 0; i < whitelistAddressesSize; ++i)
|
||||||
|
{
|
||||||
|
if (!irk_fund[i])
|
||||||
|
{
|
||||||
|
memcpy(&gapAdrHelper.addr[i], &bond_data.peer_ble_id.id_addr_info, sizeof(ble_gap_addr_t));
|
||||||
|
gapAdrHelper.pp_addr[i] = &gapAdrHelper.addr[i];
|
||||||
|
gapAdrHelper.addr_cnt++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return BLE_ERROR_NONE;
|
return BLE_ERROR_NONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
ble_error_t nRF5xGap::apllyWhiteIdentityList(gapAdrHelper_t &gapAdrHelper)
|
ble_error_t nRF5xGap::apllyWhiteIdentityList(GapWhiteAndIdentityList_t &gapAdrHelper)
|
||||||
{
|
{
|
||||||
uint32_t retc;
|
uint32_t retc;
|
||||||
|
|
||||||
if (gapAdrHelper.num_of_identiti_items == 0) {
|
if (gapAdrHelper.identities_cnt == 0) {
|
||||||
retc = sd_ble_gap_device_identities_set(NULL, NULL, 0);
|
retc = sd_ble_gap_device_identities_set(NULL, NULL, 0);
|
||||||
} else {
|
} else {
|
||||||
retc = sd_ble_gap_device_identities_set(gapAdrHelper.identities, NULL /* Don't use local IRKs*/,gapAdrHelper.num_of_identiti_items);
|
retc = sd_ble_gap_device_identities_set(gapAdrHelper.pp_identities, NULL /* Don't use local IRKs*/,gapAdrHelper.identities_cnt);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (retc == NRF_SUCCESS) {
|
if (retc == NRF_SUCCESS) {
|
||||||
if (gapAdrHelper.num_of_whitelist_items == 0) {
|
if (gapAdrHelper.addr_cnt == 0) {
|
||||||
retc = sd_ble_gap_whitelist_set(NULL, 0);
|
retc = sd_ble_gap_whitelist_set(NULL, 0);
|
||||||
} else {
|
} else {
|
||||||
retc = sd_ble_gap_whitelist_set(gapAdrHelper.whitelist, gapAdrHelper.num_of_whitelist_items);
|
retc = sd_ble_gap_whitelist_set(gapAdrHelper.pp_addr, gapAdrHelper.addr_cnt);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1063,4 +1158,24 @@ ble_error_t nRF5xGap::apllyWhiteIdentityList(gapAdrHelper_t &gapAdrHelper)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ble_error_t nRF5xGap::updateWhiteAndIdentityListInStack(void)
|
||||||
|
{
|
||||||
|
GapWhiteAndIdentityList_t whiteAndIdentityList;
|
||||||
|
uint32_t err;
|
||||||
|
|
||||||
|
/* Add missing IRKs to nRF5xGap's whitelist from the bond table held by the Peer Manager */
|
||||||
|
if (advertisingPolicyMode != Gap::ADV_POLICY_IGNORE_WHITELIST) {
|
||||||
|
err = getStackWhiteIdentityList(whiteAndIdentityList);
|
||||||
|
|
||||||
|
if (err != BLE_ERROR_NONE) {
|
||||||
|
return (ble_error_t)err;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
whiteAndIdentityList.addr_cnt = 0;
|
||||||
|
whiteAndIdentityList.identities_cnt = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return apllyWhiteIdentityList(whiteAndIdentityList);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
|
@ -152,16 +152,18 @@ private:
|
||||||
#if (NRF_SD_BLE_API_VERSION >= 3)
|
#if (NRF_SD_BLE_API_VERSION >= 3)
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
ble_gap_addr_t private_device[YOTTA_CFG_WHITELIST_MAX_SIZE + YOTTA_CFG_IRK_TABLE_MAX_SIZE];
|
ble_gap_addr_t addr[YOTTA_CFG_WHITELIST_MAX_SIZE];
|
||||||
ble_gap_addr_t * whitelist[YOTTA_CFG_WHITELIST_MAX_SIZE + YOTTA_CFG_IRK_TABLE_MAX_SIZE];
|
ble_gap_addr_t * pp_addr[YOTTA_CFG_WHITELIST_MAX_SIZE];
|
||||||
uint32_t num_of_whitelist_items;
|
uint32_t addr_cnt;
|
||||||
ble_gap_id_key_t identitie[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
|
|
||||||
ble_gap_id_key_t * identities[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
|
|
||||||
uint32_t num_of_identiti_items;
|
|
||||||
} gapAdrHelper_t;
|
|
||||||
|
|
||||||
ble_error_t getStackWhiteIdentityList(gapAdrHelper_t &gapAdrHelper);
|
ble_gap_id_key_t identity[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
|
||||||
ble_error_t apllyWhiteIdentityList(gapAdrHelper_t &gapAdrHelper);
|
ble_gap_id_key_t * pp_identities[YOTTA_CFG_IRK_TABLE_MAX_SIZE];
|
||||||
|
uint32_t identities_cnt;
|
||||||
|
} GapWhiteAndIdentityList_t;
|
||||||
|
|
||||||
|
ble_error_t getStackWhiteIdentityList(GapWhiteAndIdentityList_t &whiteAndIdentityList);
|
||||||
|
ble_error_t apllyWhiteIdentityList(GapWhiteAndIdentityList_t &whiteAndIdentityList);
|
||||||
|
ble_error_t updateWhiteAndIdentityListInStack(void);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
|
|
@ -4,10 +4,10 @@ LR_IROM1 0x21000 0x00DF000 {
|
||||||
*(InRoot$$Sections)
|
*(InRoot$$Sections)
|
||||||
.ANY (+RO)
|
.ANY (+RO)
|
||||||
}
|
}
|
||||||
RW_IRAM0 0x20002EF8 UNINIT 0x000000F8 { ;no init section
|
RW_IRAM0 0x20003288 UNINIT 0x000000F8 { ;no init section
|
||||||
*(noinit)
|
*(noinit)
|
||||||
}
|
}
|
||||||
RW_IRAM1 0x20002FF0 0x0003D010 {
|
RW_IRAM1 0x20003380 0x0003cc80 {
|
||||||
.ANY (+RW +ZI)
|
.ANY (+RW +ZI)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
MEMORY
|
MEMORY
|
||||||
{
|
{
|
||||||
FLASH (rx) : ORIGIN = 0x21000, LENGTH = 0xDF000
|
FLASH (rx) : ORIGIN = 0x21000, LENGTH = 0xDF000
|
||||||
RAM (rwx) : ORIGIN = 0x20002ef8, LENGTH = 0x3d108
|
RAM (rwx) : ORIGIN = 0x20003288, LENGTH = 0x3cd78
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ define symbol __ICFEDIT_intvec_start__ = 0x21000;
|
||||||
/*-Memory Regions-*/
|
/*-Memory Regions-*/
|
||||||
define symbol __ICFEDIT_region_ROM_start__ = 0x21000;
|
define symbol __ICFEDIT_region_ROM_start__ = 0x21000;
|
||||||
define symbol __ICFEDIT_region_ROM_end__ = 0xfffff;
|
define symbol __ICFEDIT_region_ROM_end__ = 0xfffff;
|
||||||
define symbol __ICFEDIT_region_RAM_start__ = 0x20002ef8;
|
define symbol __ICFEDIT_region_RAM_start__ = 0x20003288;
|
||||||
define symbol __ICFEDIT_region_RAM_end__ = 0x2003ffff;
|
define symbol __ICFEDIT_region_RAM_end__ = 0x2003ffff;
|
||||||
export symbol __ICFEDIT_region_RAM_start__;
|
export symbol __ICFEDIT_region_RAM_start__;
|
||||||
export symbol __ICFEDIT_region_RAM_end__;
|
export symbol __ICFEDIT_region_RAM_end__;
|
||||||
|
|
Loading…
Reference in New Issue