move securitydb into generic

pull/6932/head
paul-szczepanek-arm 2018-05-10 11:08:31 +01:00
parent b95da8d8c4
commit 473482d204
9 changed files with 75 additions and 73 deletions


@ -417,6 +417,9 @@ public:
* support out-of-band exchanges of security data. * support out-of-band exchanges of security data.
* @param[in] passkey To specify a static passkey. * @param[in] passkey To specify a static passkey.
* @param[in] signing Generate and distribute signing key during pairing * @param[in] signing Generate and distribute signing key during pairing
* @param[in] dbPath Path to the folder used to store keys in the filesystem,
* if NULL keys will be only stored in memory
*
* *
* @return BLE_ERROR_NONE on success. * @return BLE_ERROR_NONE on success.
*/ */
@ -424,12 +427,14 @@ public:
bool requireMITM = true, bool requireMITM = true,
SecurityIOCapabilities_t iocaps = IO_CAPS_NONE, SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
const Passkey_t passkey = NULL, const Passkey_t passkey = NULL,
bool signing = true) { bool signing = true,
const uint8_t *dbPath = NULL) {
/* Avoid compiler warnings about unused variables. */ /* Avoid compiler warnings about unused variables. */
(void)enableBonding; (void)enableBonding;
(void)requireMITM; (void)requireMITM;
(void)iocaps; (void)iocaps;
(void)passkey; (void)passkey;
(void)dbPath;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
} }
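Review bot: The new `dbPath` parameter is typed `const uint8_t *` even though the added doc comment describes it as a filesystem folder path. `const char *dbPath = NULL` would state the intent and avoid casts when the value reaches file APIs. The doc comment should also say that the folder will hold bonding key material (the generic manager writes LTK, IRK and CSRK values through the database), so porters know the location needs access protection. The implementing class names the same parameter `db_path`; one spelling across both declarations would be easier to follow. The start of this function's signature is outside the hunk.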


@ -19,7 +19,7 @@
#include "ble/pal/GapTypes.h" #include "ble/pal/GapTypes.h"
#include "ble/BLETypes.h" #include "ble/BLETypes.h"
#include "ble/pal/SecurityDb.h" #include "ble/generic/SecurityDb.h"
#include "platform/Callback.h" #include "platform/Callback.h"
#include "ble/pal/ConnectionEventMonitor.h" #include "ble/pal/ConnectionEventMonitor.h"
#include "ble/pal/SigningEventMonitor.h" #include "ble/pal/SigningEventMonitor.h"
@ -37,8 +37,6 @@ class GenericSecurityManager : public SecurityManager,
public pal::ConnectionEventMonitor::EventHandler, public pal::ConnectionEventMonitor::EventHandler,
public pal::SigningEventMonitor::EventHandler { public pal::SigningEventMonitor::EventHandler {
public: public:
typedef ble::pal::SecurityDistributionFlags_t SecurityDistributionFlags_t;
typedef ble::pal::SecurityEntryKeys_t SecurityEntryKeys_t;
/* implements SecurityManager */ /* implements SecurityManager */
@ -51,7 +49,8 @@ public:
bool mitm = true, bool mitm = true,
SecurityIOCapabilities_t iocaps = IO_CAPS_NONE, SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
const Passkey_t passkey = NULL, const Passkey_t passkey = NULL,
bool signing = true bool signing = true,
const uint8_t* db_path = NULL
); );
virtual ble_error_t reset(); virtual ble_error_t reset();
@ -236,11 +235,9 @@ public:
public: public:
GenericSecurityManager( GenericSecurityManager(
pal::SecurityManager &palImpl, pal::SecurityManager &palImpl,
pal::SecurityDb &dbImpl,
pal::ConnectionEventMonitor &connMonitorImpl, pal::ConnectionEventMonitor &connMonitorImpl,
pal::SigningEventMonitor &signingMonitorImpl pal::SigningEventMonitor &signingMonitorImpl
) : _pal(palImpl), ) : _pal(palImpl),
_db(dbImpl),
_connection_monitor(connMonitorImpl), _connection_monitor(connMonitorImpl),
_signing_monitor(signingMonitorImpl), _signing_monitor(signingMonitorImpl),
_default_authentication(0), _default_authentication(0),
@ -308,7 +305,7 @@ private:
* @param[in] entryKeys security entry containing keys. * @param[in] entryKeys security entry containing keys.
*/ */
void enable_encryption_cb( void enable_encryption_cb(
pal::SecurityDb::entry_handle_t entry, SecurityDb::entry_handle_t entry,
const SecurityEntryKeys_t* entryKeys const SecurityEntryKeys_t* entryKeys
); );
@ -319,7 +316,7 @@ private:
* @param[in] entryKeys security entry containing keys. * @param[in] entryKeys security entry containing keys.
*/ */
void set_ltk_cb( void set_ltk_cb(
pal::SecurityDb::entry_handle_t entry, SecurityDb::entry_handle_t entry,
const SecurityEntryKeys_t* entryKeys const SecurityEntryKeys_t* entryKeys
); );
@ -330,7 +327,7 @@ private:
* @param[in] csrk connection signature resolving key. * @param[in] csrk connection signature resolving key.
*/ */
void return_csrk_cb( void return_csrk_cb(
pal::SecurityDb::entry_handle_t connection, SecurityDb::entry_handle_t connection,
const csrk_t *csrk, const csrk_t *csrk,
sign_count_t sign_counter sign_count_t sign_counter
); );
@ -342,7 +339,7 @@ private:
* @param[in] csrk connection signature resolving key. * @param[in] csrk connection signature resolving key.
*/ */
void set_peer_csrk_cb( void set_peer_csrk_cb(
pal::SecurityDb::entry_handle_t connection, SecurityDb::entry_handle_t connection,
const csrk_t *csrk, const csrk_t *csrk,
sign_count_t sign_counter sign_count_t sign_counter
); );
@ -407,8 +404,8 @@ private:
* @param identity The identity associated with the entry; may be NULL. * @param identity The identity associated with the entry; may be NULL.
*/ */
void on_security_entry_retrieved( void on_security_entry_retrieved(
pal::SecurityDb::entry_handle_t entry, SecurityDb::entry_handle_t entry,
const pal::SecurityEntryIdentity_t* identity const SecurityEntryIdentity_t* identity
); );
/** /**
@ -421,12 +418,12 @@ private:
* @param count Number of identities entries retrieved. * @param count Number of identities entries retrieved.
*/ */
void on_identity_list_retrieved( void on_identity_list_retrieved(
ble::ArrayView<pal::SecurityEntryIdentity_t*>& identity_list, ble::ArrayView<SecurityEntryIdentity_t*>& identity_list,
size_t count size_t count
); );
private: private:
struct ControlBlock_t : public pal::SecurityDistributionFlags_t { struct ControlBlock_t : public SecurityDistributionFlags_t {
ControlBlock_t(); ControlBlock_t();
pal::KeyDistribution get_initiator_key_distribution() { pal::KeyDistribution get_initiator_key_distribution() {
@ -443,7 +440,7 @@ private:
}; };
connection_handle_t connection; connection_handle_t connection;
pal::SecurityDb::entry_handle_t db_entry; SecurityDb::entry_handle_t db_entry;
address_t local_address; /**< address used for connection, possibly different from identity */ address_t local_address; /**< address used for connection, possibly different from identity */
@ -473,10 +470,11 @@ private:
}; };
pal::SecurityManager &_pal; pal::SecurityManager &_pal;
pal::SecurityDb &_db;
pal::ConnectionEventMonitor &_connection_monitor; pal::ConnectionEventMonitor &_connection_monitor;
pal::SigningEventMonitor &_signing_monitor; pal::SigningEventMonitor &_signing_monitor;
SecurityDb *_db;
/* OOB data */ /* OOB data */
address_t _oob_local_address; address_t _oob_local_address;
address_t _oob_peer_address; address_t _oob_peer_address;
@ -718,7 +716,7 @@ public:
ControlBlock_t* get_control_block(const address_t &peer_address); ControlBlock_t* get_control_block(const address_t &peer_address);
ControlBlock_t* get_control_block(pal::SecurityDb::entry_handle_t db_entry); ControlBlock_t* get_control_block(SecurityDb::entry_handle_t db_entry);
void release_control_block(ControlBlock_t* entry); void release_control_block(ControlBlock_t* entry);
}; };
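Review bot: `_db` changes from a reference bound in the constructor to a raw `SecurityDb *_db;`, and the visible part of the initialiser list drops `_db(dbImpl),` without a replacement, so the pointer appears to be indeterminate until `init()` runs. Adding `_db(NULL),` to the initialiser list makes an early call such as `reset()` fail predictably instead of dereferencing an uninitialised pointer. The class now owns the database, so it also needs a destructor that deletes `_db`, and `SecurityDb` needs a virtual destructor for that delete to be well defined. The initialiser list and the rest of the class continue outside these hunks, so confirm none of this is already handled there.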


@ -20,7 +20,7 @@
#include "SecurityDb.h" #include "SecurityDb.h"
namespace ble { namespace ble {
namespace pal { namespace generic {
/** Naive memory implementation for verification. */ /** Naive memory implementation for verification. */
class MemorySecurityDb : public SecurityDb { class MemorySecurityDb : public SecurityDb {


@ -24,7 +24,7 @@
#include <stdlib.h> #include <stdlib.h>
namespace ble { namespace ble {
namespace pal { namespace generic {
/** /**


@ -17,6 +17,8 @@
#include "ble/SecurityManager.h" #include "ble/SecurityManager.h"
#include "ble/pal/PalSecurityManager.h" #include "ble/pal/PalSecurityManager.h"
#include "ble/generic/GenericSecurityManager.h" #include "ble/generic/GenericSecurityManager.h"
#include "ble/generic/MemorySecurityDb.h"
#include "ble/generic/FileSecurityDb.h"
using ble::pal::advertising_peer_address_type_t; using ble::pal::advertising_peer_address_type_t;
using ble::pal::AuthenticationMask; using ble::pal::AuthenticationMask;
@ -37,14 +39,17 @@ ble_error_t GenericSecurityManager::init(
bool mitm, bool mitm,
SecurityIOCapabilities_t iocaps, SecurityIOCapabilities_t iocaps,
const Passkey_t passkey, const Passkey_t passkey,
bool signing bool signing,
const uint8_t* db_path
) { ) {
ble_error_t err = _pal.initialize(); ble_error_t err = _pal.initialize();
if (err) { if (err) {
return err; return err;
} }
_db.restore(); _db = new (std::nothrow) MemorySecurityDb();
_db->restore();
_pal.set_io_capability((io_capability_t::type) iocaps); _pal.set_io_capability((io_capability_t::type) iocaps);
if (passkey) { if (passkey) {
@ -75,16 +80,16 @@ ble_error_t GenericSecurityManager::init(
_pal.set_event_handler(this); _pal.set_event_handler(this);
uint8_t resolving_list_capacity = _pal.read_resolving_list_capacity(); uint8_t resolving_list_capacity = _pal.read_resolving_list_capacity();
pal::SecurityEntryIdentity_t** identity_list_p = SecurityEntryIdentity_t** identity_list_p =
new (std::nothrow) pal::SecurityEntryIdentity_t*[resolving_list_capacity]; new (std::nothrow) SecurityEntryIdentity_t*[resolving_list_capacity];
if (identity_list_p) { if (identity_list_p) {
ArrayView<pal::SecurityEntryIdentity_t*> identity_list( ArrayView<SecurityEntryIdentity_t*> identity_list(
identity_list_p, identity_list_p,
resolving_list_capacity resolving_list_capacity
); );
_db.get_identity_list( _db->get_identity_list(
mbed::callback(this, &GenericSecurityManager::on_identity_list_retrieved), mbed::callback(this, &GenericSecurityManager::on_identity_list_retrieved),
identity_list identity_list
); );
@ -94,7 +99,7 @@ ble_error_t GenericSecurityManager::init(
} }
ble_error_t GenericSecurityManager::reset(void) { ble_error_t GenericSecurityManager::reset(void) {
_db.sync(); _db->sync();
_pal.reset(); _pal.reset();
SecurityManager::reset(); SecurityManager::reset();
@ -102,7 +107,7 @@ ble_error_t GenericSecurityManager::reset(void) {
} }
ble_error_t GenericSecurityManager::preserveBondingStateOnReset(bool enabled) { ble_error_t GenericSecurityManager::preserveBondingStateOnReset(bool enabled) {
_db.set_restore(enabled); _db->set_restore(enabled);
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
@ -111,13 +116,13 @@ ble_error_t GenericSecurityManager::preserveBondingStateOnReset(bool enabled) {
// //
ble_error_t GenericSecurityManager::purgeAllBondingState(void) { ble_error_t GenericSecurityManager::purgeAllBondingState(void) {
_db.clear_entries(); _db->clear_entries();
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
ble_error_t GenericSecurityManager::generateWhitelistFromBondTable(Gap::Whitelist_t *whitelist) const { ble_error_t GenericSecurityManager::generateWhitelistFromBondTable(Gap::Whitelist_t *whitelist) const {
if (eventHandler) { if (eventHandler) {
_db.generate_whitelist_from_bond_table( _db->generate_whitelist_from_bond_table(
mbed::callback(eventHandler, &::SecurityManager::EventHandler::whitelistFromBondTable), mbed::callback(eventHandler, &::SecurityManager::EventHandler::whitelistFromBondTable),
whitelist whitelist
); );
@ -333,7 +338,7 @@ ble_error_t GenericSecurityManager::enableSigning(
cb->signing_requested = true; cb->signing_requested = true;
if (cb->csrk_stored) { if (cb->csrk_stored) {
/* used the stored ones when available */ /* used the stored ones when available */
_db.get_entry_peer_csrk( _db->get_entry_peer_csrk(
mbed::callback(this, &GenericSecurityManager::set_peer_csrk_cb), mbed::callback(this, &GenericSecurityManager::set_peer_csrk_cb),
cb->db_entry cb->db_entry
); );
@ -471,7 +476,7 @@ ble_error_t GenericSecurityManager::getSigningKey(connection_handle_t connection
if (cb->csrk_stored && (cb->csrk_mitm_protected || !authenticated)) { if (cb->csrk_stored && (cb->csrk_mitm_protected || !authenticated)) {
/* we have a key that is either authenticated or we don't care if it is /* we have a key that is either authenticated or we don't care if it is
* so retrieve it from the db now */ * so retrieve it from the db now */
_db.get_entry_peer_csrk( _db->get_entry_peer_csrk(
mbed::callback(this, &GenericSecurityManager::return_csrk_cb), mbed::callback(this, &GenericSecurityManager::return_csrk_cb),
cb->db_entry cb->db_entry
); );
@ -658,8 +663,8 @@ ble_error_t GenericSecurityManager::oobReceived(
// //
ble_error_t GenericSecurityManager::init_signing() { ble_error_t GenericSecurityManager::init_signing() {
const csrk_t *pcsrk = _db.get_local_csrk(); const csrk_t *pcsrk = _db->get_local_csrk();
sign_count_t local_sign_counter = _db.get_local_sign_counter(); sign_count_t local_sign_counter = _db->get_local_sign_counter();
if (!pcsrk) { if (!pcsrk) {
csrk_t csrk; csrk_t csrk;
@ -670,8 +675,8 @@ ble_error_t GenericSecurityManager::init_signing() {
} }
pcsrk = &csrk; pcsrk = &csrk;
_db.set_local_csrk(csrk); _db->set_local_csrk(csrk);
_db.set_local_sign_counter(local_sign_counter); _db->set_local_sign_counter(local_sign_counter);
} }
return _pal.set_csrk(*pcsrk, local_sign_counter); return _pal.set_csrk(*pcsrk, local_sign_counter);
@ -713,7 +718,7 @@ ble_error_t GenericSecurityManager::enable_encryption(connection_handle_t connec
} }
if (cb->is_master) { if (cb->is_master) {
if (cb->ltk_stored) { if (cb->ltk_stored) {
_db.get_entry_peer_keys( _db->get_entry_peer_keys(
mbed::callback(this, &GenericSecurityManager::enable_encryption_cb), mbed::callback(this, &GenericSecurityManager::enable_encryption_cb),
cb->db_entry cb->db_entry
); );
@ -727,7 +732,7 @@ ble_error_t GenericSecurityManager::enable_encryption(connection_handle_t connec
} }
void GenericSecurityManager::enable_encryption_cb( void GenericSecurityManager::enable_encryption_cb(
pal::SecurityDb::entry_handle_t db_entry, SecurityDb::entry_handle_t db_entry,
const SecurityEntryKeys_t* entryKeys const SecurityEntryKeys_t* entryKeys
) { ) {
ControlBlock_t *cb = get_control_block(db_entry); ControlBlock_t *cb = get_control_block(db_entry);
@ -742,7 +747,7 @@ void GenericSecurityManager::enable_encryption_cb(
} }
void GenericSecurityManager::set_ltk_cb( void GenericSecurityManager::set_ltk_cb(
pal::SecurityDb::entry_handle_t db_entry, SecurityDb::entry_handle_t db_entry,
const SecurityEntryKeys_t* entryKeys const SecurityEntryKeys_t* entryKeys
) { ) {
ControlBlock_t *cb = get_control_block(db_entry); ControlBlock_t *cb = get_control_block(db_entry);
@ -757,7 +762,7 @@ void GenericSecurityManager::set_ltk_cb(
} }
void GenericSecurityManager::set_peer_csrk_cb( void GenericSecurityManager::set_peer_csrk_cb(
pal::SecurityDb::entry_handle_t db_entry, SecurityDb::entry_handle_t db_entry,
const csrk_t *csrk, const csrk_t *csrk,
sign_count_t sign_counter sign_count_t sign_counter
) { ) {
@ -775,7 +780,7 @@ void GenericSecurityManager::set_peer_csrk_cb(
} }
void GenericSecurityManager::return_csrk_cb( void GenericSecurityManager::return_csrk_cb(
pal::SecurityDb::entry_handle_t db_entry, SecurityDb::entry_handle_t db_entry,
const csrk_t *csrk, const csrk_t *csrk,
sign_count_t sign_counter sign_count_t sign_counter
) { ) {
@ -846,13 +851,13 @@ void GenericSecurityManager::on_connected(
cb->is_master = (role == Gap::CENTRAL); cb->is_master = (role == Gap::CENTRAL);
// get the associated db handle and the distribution flags if any // get the associated db handle and the distribution flags if any
cb->db_entry = _db.open_entry(peer_address_type, peer_address); cb->db_entry = _db->open_entry(peer_address_type, peer_address);
const pal::SecurityDistributionFlags_t* dist_flags = const SecurityDistributionFlags_t* dist_flags =
_db.get_distribution_flags(cb->db_entry); _db->get_distribution_flags(cb->db_entry);
if (dist_flags) { if (dist_flags) {
*static_cast<pal::SecurityDistributionFlags_t*>(cb) = *dist_flags; *static_cast<SecurityDistributionFlags_t*>(cb) = *dist_flags;
} }
const bool signing = cb->signing_override_default ? const bool signing = cb->signing_override_default ?
@ -860,7 +865,7 @@ void GenericSecurityManager::on_connected(
_default_key_distribution.get_signing(); _default_key_distribution.get_signing();
if (signing && cb->csrk_stored) { if (signing && cb->csrk_stored) {
_db.get_entry_peer_csrk( _db->get_entry_peer_csrk(
mbed::callback(this, &GenericSecurityManager::set_peer_csrk_cb), mbed::callback(this, &GenericSecurityManager::set_peer_csrk_cb),
cb->db_entry cb->db_entry
); );
@ -876,15 +881,15 @@ void GenericSecurityManager::on_disconnected(
return; return;
} }
_db.close_entry(cb->db_entry); _db->close_entry(cb->db_entry);
release_control_block(cb); release_control_block(cb);
_db.sync(); _db->sync();
} }
void GenericSecurityManager::on_security_entry_retrieved( void GenericSecurityManager::on_security_entry_retrieved(
pal::SecurityDb::entry_handle_t entry, SecurityDb::entry_handle_t entry,
const pal::SecurityEntryIdentity_t* identity const SecurityEntryIdentity_t* identity
) { ) {
if (!identity) { if (!identity) {
return; return;
@ -902,7 +907,7 @@ void GenericSecurityManager::on_security_entry_retrieved(
} }
void GenericSecurityManager::on_identity_list_retrieved( void GenericSecurityManager::on_identity_list_retrieved(
ble::ArrayView<pal::SecurityEntryIdentity_t*>& identity_list, ble::ArrayView<SecurityEntryIdentity_t*>& identity_list,
size_t count size_t count
) { ) {
typedef advertising_peer_address_type_t address_type_t; typedef advertising_peer_address_type_t address_type_t;
@ -992,8 +997,8 @@ void GenericSecurityManager::on_pairing_completed(connection_handle_t connection
ControlBlock_t *cb = get_control_block(connection); ControlBlock_t *cb = get_control_block(connection);
if (cb) { if (cb) {
// set the distribution flags in the db // set the distribution flags in the db
_db.set_distribution_flags(cb->db_entry, *cb); _db->set_distribution_flags(cb->db_entry, *cb);
_db.get_entry_identity( _db->get_entry_identity(
mbed::callback(this, &GenericSecurityManager::on_security_entry_retrieved), mbed::callback(this, &GenericSecurityManager::on_security_entry_retrieved),
cb->db_entry cb->db_entry
); );
@ -1021,7 +1026,7 @@ void GenericSecurityManager::on_signed_write_received(
if (!cb) { if (!cb) {
return; return;
} }
_db.set_entry_peer_sign_counter(cb->db_entry, sign_counter); _db->set_entry_peer_sign_counter(cb->db_entry, sign_counter);
} }
void GenericSecurityManager::on_signed_write_verification_failure( void GenericSecurityManager::on_signed_write_verification_failure(
@ -1050,7 +1055,7 @@ void GenericSecurityManager::on_signed_write_verification_failure(
} }
void GenericSecurityManager::on_signed_write() { void GenericSecurityManager::on_signed_write() {
_db.set_local_sign_counter(_db.get_local_sign_counter() + 1); _db->set_local_sign_counter(_db->get_local_sign_counter() + 1);
} }
void GenericSecurityManager::on_slave_security_request( void GenericSecurityManager::on_slave_security_request(
@ -1229,7 +1234,7 @@ void GenericSecurityManager::on_secure_connections_ltk_generated(
cb->ltk_mitm_protected = cb->mitm_performed; cb->ltk_mitm_protected = cb->mitm_performed;
cb->secure_connections_paired = true; cb->secure_connections_paired = true;
_db.set_entry_peer_ltk(cb->db_entry, ltk); _db->set_entry_peer_ltk(cb->db_entry, ltk);
} }
void GenericSecurityManager::on_keys_distributed_ltk( void GenericSecurityManager::on_keys_distributed_ltk(
@ -1241,7 +1246,7 @@ void GenericSecurityManager::on_keys_distributed_ltk(
return; return;
} }
cb->ltk_mitm_protected = cb->mitm_performed; cb->ltk_mitm_protected = cb->mitm_performed;
_db.set_entry_peer_ltk(cb->db_entry, ltk); _db->set_entry_peer_ltk(cb->db_entry, ltk);
} }
void GenericSecurityManager::on_keys_distributed_ediv_rand( void GenericSecurityManager::on_keys_distributed_ediv_rand(
@ -1254,7 +1259,7 @@ void GenericSecurityManager::on_keys_distributed_ediv_rand(
return; return;
} }
_db.set_entry_peer_ediv_rand(cb->db_entry, ediv, rand); _db->set_entry_peer_ediv_rand(cb->db_entry, ediv, rand);
} }
void GenericSecurityManager::on_keys_distributed_local_ltk( void GenericSecurityManager::on_keys_distributed_local_ltk(
@ -1266,7 +1271,7 @@ void GenericSecurityManager::on_keys_distributed_local_ltk(
return; return;
} }
_db.set_entry_local_ltk(cb->db_entry, ltk); _db->set_entry_local_ltk(cb->db_entry, ltk);
} }
void GenericSecurityManager::on_keys_distributed_local_ediv_rand( void GenericSecurityManager::on_keys_distributed_local_ediv_rand(
@ -1279,7 +1284,7 @@ void GenericSecurityManager::on_keys_distributed_local_ediv_rand(
return; return;
} }
_db.set_entry_local_ediv_rand(cb->db_entry, ediv, rand); _db->set_entry_local_ediv_rand(cb->db_entry, ediv, rand);
} }
void GenericSecurityManager::on_keys_distributed_irk( void GenericSecurityManager::on_keys_distributed_irk(
@ -1291,7 +1296,7 @@ void GenericSecurityManager::on_keys_distributed_irk(
return; return;
} }
_db.set_entry_peer_irk(cb->db_entry, irk); _db->set_entry_peer_irk(cb->db_entry, irk);
} }
void GenericSecurityManager::on_keys_distributed_bdaddr( void GenericSecurityManager::on_keys_distributed_bdaddr(
@ -1304,7 +1309,7 @@ void GenericSecurityManager::on_keys_distributed_bdaddr(
return; return;
} }
_db.set_entry_peer_bdaddr( _db->set_entry_peer_bdaddr(
cb->db_entry, cb->db_entry,
(peer_address_type == advertising_peer_address_type_t::PUBLIC_ADDRESS), (peer_address_type == advertising_peer_address_type_t::PUBLIC_ADDRESS),
peer_identity_address peer_identity_address
@ -1322,7 +1327,7 @@ void GenericSecurityManager::on_keys_distributed_csrk(
cb->csrk_mitm_protected = cb->mitm_performed; cb->csrk_mitm_protected = cb->mitm_performed;
_db.set_entry_peer_csrk(cb->db_entry, csrk); _db->set_entry_peer_csrk(cb->db_entry, csrk);
eventHandler->signingKey( eventHandler->signingKey(
connection, connection,
@ -1341,7 +1346,7 @@ void GenericSecurityManager::on_ltk_request(
return; return;
} }
_db.get_entry_local_keys( _db->get_entry_local_keys(
mbed::callback(this, &GenericSecurityManager::set_ltk_cb), mbed::callback(this, &GenericSecurityManager::set_ltk_cb),
cb->db_entry, cb->db_entry,
ediv, ediv,
@ -1352,7 +1357,7 @@ void GenericSecurityManager::on_ltk_request(
/* control blocks list management */ /* control blocks list management */
GenericSecurityManager::ControlBlock_t::ControlBlock_t() : GenericSecurityManager::ControlBlock_t::ControlBlock_t() :
pal::SecurityDistributionFlags_t(), SecurityDistributionFlags_t(),
connection(0), connection(0),
db_entry(0), db_entry(0),
local_address(), local_address(),
@ -1379,7 +1384,7 @@ void GenericSecurityManager::on_ltk_request(connection_handle_t connection)
return; return;
} }
_db.get_entry_local_keys( _db->get_entry_local_keys(
mbed::callback(this, &GenericSecurityManager::set_ltk_cb), mbed::callback(this, &GenericSecurityManager::set_ltk_cb),
cb->db_entry cb->db_entry
); );
@ -1428,7 +1433,7 @@ GenericSecurityManager::ControlBlock_t* GenericSecurityManager::get_control_bloc
} }
GenericSecurityManager::ControlBlock_t* GenericSecurityManager::get_control_block( GenericSecurityManager::ControlBlock_t* GenericSecurityManager::get_control_block(
pal::SecurityDb::entry_handle_t db_entry SecurityDb::entry_handle_t db_entry
) { ) {
for (size_t i = 0; i < MAX_CONTROL_BLOCKS; i++) { for (size_t i = 0; i < MAX_CONTROL_BLOCKS; i++) {
if (!_control_blocks[i].connected) { if (!_control_blocks[i].connected) {
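Review bot: In `init()`, `_db = new (std::nothrow) MemorySecurityDb();` is followed directly by `_db->restore();`, so an allocation failure becomes a null dereference; add `if (!_db) { return BLE_ERROR_NO_MEM; }` between the two lines. A second call to `init()` overwrites the pointer without `delete _db;`, leaking the previous database and discarding the bonding keys it held in memory. In the visible lines `db_path` is never read and `FileSecurityDb.h` is included but unused, so a caller who passes a path appears to get memory-only storage with no error. Either select the file-backed database when `db_path` is non-NULL or document that the argument is not yet honoured. `init()` continues outside the hunks shown, so check that last point against the full body.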


@ -30,7 +30,6 @@
#include "CordioPalGenericAccessService.h" #include "CordioPalGenericAccessService.h"
#include "ble/generic/GenericGap.h" #include "ble/generic/GenericGap.h"
#include "ble/generic/GenericSecurityManager.h" #include "ble/generic/GenericSecurityManager.h"
#include "ble/pal/MemorySecurityDb.h"
#include "ble/pal/SimpleEventQueue.h" #include "ble/pal/SimpleEventQueue.h"
namespace ble { namespace ble {


@ -204,11 +204,9 @@ generic::GenericGattClient& BLE::getGattClient()
SecurityManager& BLE::getSecurityManager() SecurityManager& BLE::getSecurityManager()
{ {
static pal::MemorySecurityDb m_db;
static SigningEventMonitorProxy signing_event_monitor(*this); static SigningEventMonitorProxy signing_event_monitor(*this);
static generic::GenericSecurityManager m_instance( static generic::GenericSecurityManager m_instance(
pal::vendor::cordio::CordioSecurityManager::get_security_manager(), pal::vendor::cordio::CordioSecurityManager::get_security_manager(),
m_db,
getGap(), getGap(),
signing_event_monitor signing_event_monitor
); );


@ -208,7 +208,6 @@ SecurityManager& nRF5xn::getSecurityManager()
const SecurityManager& nRF5xn::getSecurityManager() const const SecurityManager& nRF5xn::getSecurityManager() const
{ {
static ble::pal::MemorySecurityDb m_db;
ble::pal::vendor::nordic::nRF5xSecurityManager &m_pal = ble::pal::vendor::nordic::nRF5xSecurityManager &m_pal =
ble::pal::vendor::nordic::nRF5xSecurityManager::get_security_manager(); ble::pal::vendor::nordic::nRF5xSecurityManager::get_security_manager();
static struct : ble::pal::SigningEventMonitor { static struct : ble::pal::SigningEventMonitor {
@ -217,7 +216,6 @@ const SecurityManager& nRF5xn::getSecurityManager() const
static ble::generic::GenericSecurityManager m_instance( static ble::generic::GenericSecurityManager m_instance(
m_pal, m_pal,
m_db,
const_cast<nRF5xGap&>(getGap()), const_cast<nRF5xGap&>(getGap()),
dummy_signing_event_monitor dummy_signing_event_monitor
); );


@ -22,7 +22,6 @@
#include "ble/BLEInstanceBase.h" #include "ble/BLEInstanceBase.h"
#include "ble/generic/GenericGattClient.h" #include "ble/generic/GenericGattClient.h"
#include "ble/generic/GenericSecurityManager.h" #include "ble/generic/GenericSecurityManager.h"
#include "ble/pal/MemorySecurityDb.h"
#include "ble/pal/SimpleEventQueue.h" #include "ble/pal/SimpleEventQueue.h"
#include "nRF5xPalSecurityManager.h" #include "nRF5xPalSecurityManager.h"