From 608ad338e87bdbd1e931b59f82cbfff9d5672767 Mon Sep 17 00:00:00 2001 From: paul-szczepanek-arm <33840200+paul-szczepanek-arm@users.noreply.github.com> Date: Fri, 18 May 2018 10:24:16 +0100 Subject: [PATCH 1/6] return error when not initialised --- .../source/generic/GenericSecurityManager.cpp | 43 +++++++++++++------ 1 file changed, 31 insertions(+), 12 deletions(-) diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp index bb03c2f548..9f2f527b0e 100644 --- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp +++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp @@ -123,7 +123,7 @@ ble_error_t GenericSecurityManager::reset(void) { } ble_error_t GenericSecurityManager::preserveBondingStateOnReset(bool enabled) { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; _db->set_restore(enabled); return BLE_ERROR_NONE; } @@ -133,13 +133,13 @@ ble_error_t GenericSecurityManager::preserveBondingStateOnReset(bool enabled) { // ble_error_t GenericSecurityManager::purgeAllBondingState(void) { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; _db->clear_entries(); return BLE_ERROR_NONE; } ble_error_t GenericSecurityManager::generateWhitelistFromBondTable(Gap::Whitelist_t *whitelist) const { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; if (eventHandler) { _db->generate_whitelist_from_bond_table( mbed::callback(eventHandler, &::SecurityManager::EventHandler::whitelistFromBondTable), @@ -154,6 +154,7 @@ ble_error_t GenericSecurityManager::generateWhitelistFromBondTable(Gap::Whitelis // ble_error_t GenericSecurityManager::requestPairing(connection_handle_t connection) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; 
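Review bot: The new guard `if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;` is an unbraced one-liner, while the neighbouring checks in the same functions are braced (`if (!cb) { return BLE_ERROR_INVALID_PARAM; }`). This applies to preserveBondingStateOnReset here and to every other hunk of this patch; `if (!_db) { return BLE_ERROR_INITIALIZATION_INCOMPLETE; }` would keep the early returns uniform. Several guarded functions (cancelPairingRequest, setIoCapability, setDisplayPasskey, setPrivateAddressTimeout and others) never touch `_db`, so the pointer is acting as an "init() has completed" flag. A comment at the member such as `/* non-NULL once init() has succeeded; also used as the initialised flag */` would make that explicit. Behaviour also changes from an assertion failure to a return code, so a caller that ignores the result now continues silently against an uninitialised manager.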
@@ -206,6 +207,7 @@ ble_error_t GenericSecurityManager::requestPairing(connection_handle_t connectio } ble_error_t GenericSecurityManager::acceptPairingRequest(connection_handle_t connection) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; @@ -263,10 +265,12 @@ ble_error_t GenericSecurityManager::acceptPairingRequest(connection_handle_t con } ble_error_t GenericSecurityManager::cancelPairingRequest(connection_handle_t connection) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; return _pal.cancel_pairing(connection, pairing_failure_t::UNSPECIFIED_REASON); } ble_error_t GenericSecurityManager::setPairingRequestAuthorisation(bool required) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; _pairing_authorisation_required = required; return BLE_ERROR_NONE; } @@ -289,10 +293,12 @@ ble_error_t GenericSecurityManager::getSecureConnectionsSupport(bool *enabled) { // ble_error_t GenericSecurityManager::setIoCapability(SecurityIOCapabilities_t iocaps) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; return _pal.set_io_capability((io_capability_t::type) iocaps); } ble_error_t GenericSecurityManager::setDisplayPasskey(const Passkey_t passkey) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; return _pal.set_display_passkey(PasskeyAscii::to_num(passkey)); } @@ -300,6 +306,7 @@ ble_error_t GenericSecurityManager::setAuthenticationTimeout( connection_handle_t connection, uint32_t timeout_in_ms ) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; return _pal.set_authentication_timeout(connection, timeout_in_ms / 10); } 
@@ -307,6 +314,7 @@ ble_error_t GenericSecurityManager::getAuthenticationTimeout( connection_handle_t connection, uint32_t *timeout_in_ms ) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; uint16_t timeout_in_10ms; ble_error_t status = _pal.get_authentication_timeout(connection, timeout_in_10ms); *timeout_in_ms = 10 * timeout_in_10ms; @@ -317,6 +325,7 @@ ble_error_t GenericSecurityManager::setLinkSecurity( connection_handle_t connection, SecurityMode_t securityMode ) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; @@ -348,6 +357,7 @@ ble_error_t GenericSecurityManager::setLinkSecurity( } ble_error_t GenericSecurityManager::setKeypressNotification(bool enabled) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; _default_authentication.set_keypress_notification(enabled); return BLE_ERROR_NONE; } @@ -356,7 +366,7 @@ ble_error_t GenericSecurityManager::enableSigning( connection_handle_t connection, bool enabled ) { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; @@ -406,7 +416,7 @@ ble_error_t GenericSecurityManager::getLinkEncryption( connection_handle_t connection, link_encryption_t *encryption ) { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; @@ -440,7 +450,7 @@ ble_error_t GenericSecurityManager::setLinkEncryption( connection_handle_t connection, link_encryption_t encryption ) { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; 
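Review bot: getAuthenticationTimeout now rejects an uninitialised manager but still executes `*timeout_in_ms = 10 * timeout_in_10ms;` without checking `timeout_in_ms` for NULL and without looking at `status` first. `timeout_in_10ms` has no initialiser, so if `_pal.get_authentication_timeout` fails without setting it (not visible here), the caller receives an indeterminate value. I would declare it as `uint16_t timeout_in_10ms = 0;`, return `BLE_ERROR_INVALID_PARAM` for a NULL output pointer, and store the result only when `status == BLE_ERROR_NONE`. The function body continues past the end of this hunk.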
@@ -511,7 +521,7 @@ ble_error_t GenericSecurityManager::getEncryptionKeySize( connection_handle_t connection, uint8_t *size ) { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; @@ -530,6 +540,7 @@ ble_error_t GenericSecurityManager::setEncryptionKeyRequirements( uint8_t minimumByteSize, uint8_t maximumByteSize ) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; return _pal.set_encryption_key_requirements(minimumByteSize, maximumByteSize); } @@ -538,7 +549,7 @@ ble_error_t GenericSecurityManager::setEncryptionKeyRequirements( // ble_error_t GenericSecurityManager::getSigningKey(connection_handle_t connection, bool authenticated) { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; @@ -576,6 +587,7 @@ ble_error_t GenericSecurityManager::getSigningKey(connection_handle_t connection // ble_error_t GenericSecurityManager::setPrivateAddressTimeout(uint16_t timeout_in_seconds) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; return _pal.set_private_address_timeout(timeout_in_seconds); } @@ -584,7 +596,7 @@ ble_error_t GenericSecurityManager::setPrivateAddressTimeout(uint16_t timeout_in // ble_error_t GenericSecurityManager::requestAuthentication(connection_handle_t connection) { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; @@ -619,6 +631,7 @@ ble_error_t GenericSecurityManager::requestAuthentication(connection_handle_t co ble_error_t GenericSecurityManager::generateOOB( const address_t *address ) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; /* legacy pairing */ ble_error_t status = get_random_data(_oob_temporary_key.data(), 16); 
@@ -658,6 +671,7 @@ ble_error_t GenericSecurityManager::setOOBDataUsage( bool useOOB, bool OOBProvidesMITM ) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; @@ -677,6 +691,7 @@ ble_error_t GenericSecurityManager::confirmationEntered( connection_handle_t connection, bool confirmation ) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; return _pal.confirmation_entered(connection, confirmation); } @@ -684,6 +699,7 @@ ble_error_t GenericSecurityManager::passkeyEntered( connection_handle_t connection, Passkey_t passkey ) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; return _pal.passkey_request_reply( connection, PasskeyAscii::to_num(passkey) @@ -694,6 +710,7 @@ ble_error_t GenericSecurityManager::sendKeypressNotification( connection_handle_t connection, Keypress_t keypress ) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; return _pal.send_keypress_notification(connection, keypress); } @@ -701,7 +718,7 @@ ble_error_t GenericSecurityManager::legacyPairingOobReceived( const address_t *address, const oob_tk_t *tk ) { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; if (address && tk) { ControlBlock_t *cb = get_control_block(*address); if (!cb) { @@ -736,6 +753,7 @@ ble_error_t GenericSecurityManager::oobReceived( const oob_lesc_value_t *random, const oob_confirm_t *confirm ) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; if (address && random && confirm) { _oob_peer_address = *address; _oob_peer_random = *random; @@ -751,7 +769,7 @@ ble_error_t GenericSecurityManager::oobReceived( // ble_error_t GenericSecurityManager::init_signing() { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; const csrk_t *pcsrk = _db->get_local_csrk(); sign_count_t local_sign_counter = _db->get_local_sign_counter(); 
@@ -791,6 +809,7 @@ ble_error_t GenericSecurityManager::get_random_data(uint8_t *buffer, size_t size } ble_error_t GenericSecurityManager::slave_security_request(connection_handle_t connection) { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; @@ -801,7 +820,7 @@ ble_error_t GenericSecurityManager::slave_security_request(connection_handle_t c } ble_error_t GenericSecurityManager::enable_encryption(connection_handle_t connection) { - MBED_ASSERT(_db); + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; ControlBlock_t *cb = get_control_block(connection); if (!cb) { return BLE_ERROR_INVALID_PARAM; From 439d002f7df62e8f597ca50e9c0a52b7761a52eb Mon Sep 17 00:00:00 2001 From: paul-szczepanek-arm <33840200+paul-szczepanek-arm@users.noreply.github.com> Date: Fri, 18 May 2018 12:34:52 +0100 Subject: [PATCH 2/6] new API call to change db at runtime --- features/FEATURE_BLE/ble/SecurityManager.h | 20 ++++++-- .../ble/generic/GenericSecurityManager.h | 2 + .../source/generic/GenericSecurityManager.cpp | 49 ++++++++++++------- 3 files changed, 49 insertions(+), 22 deletions(-) diff --git a/features/FEATURE_BLE/ble/SecurityManager.h b/features/FEATURE_BLE/ble/SecurityManager.h index c99ebd702a..548805c191 100644 --- a/features/FEATURE_BLE/ble/SecurityManager.h +++ b/features/FEATURE_BLE/ble/SecurityManager.h @@ -441,7 +441,7 @@ public: * support out-of-band exchanges of security data. * @param[in] passkey To specify a static passkey. * @param[in] signing Generate and distribute signing key during pairing - * @param[in] dbPath Path to the folder used to store keys in the filesystem, + * @param[in] dbPath Path to the file used to store keys in the filesystem, * if NULL keys will be only stored in memory * * 
@@ -452,17 +452,31 @@ public: SecurityIOCapabilities_t iocaps = IO_CAPS_NONE, const Passkey_t passkey = NULL, bool signing = true, - const char *dbPath = NULL) { + const char *dbFilepath = NULL) { /* Avoid compiler warnings about unused variables. */ (void)enableBonding; (void)requireMITM; (void)iocaps; (void)passkey; - (void)dbPath; + (void)dbFilepath; return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ } + /** + * Change the file used for the security datagse. If path is invalid or a NULL is passed + * keys will only be stored in memory. + * + * @param[in] dbPath Path to the file used to store keys in the filesystem, + * if NULL keys will be only stored in memory + * + * @return BLE_ERROR_NONE on success. + */ + virtual ble_error_t setDatabaseFile(const char *dbFilepath = NULL) { + (void)dbFilepath; + return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ + } + /** * Notify all registered onShutdown callbacks that the SecurityManager is * about to be shutdown and clear all SecurityManager state of the diff --git a/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h b/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h index f5f060a5e6..4dca909fc7 100644 --- a/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h +++ b/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h @@ -53,6 +53,8 @@ public: const char* db_path = NULL ); + virtual ble_error_t setDatabaseFile(const char *db_path = NULL); + virtual ble_error_t reset(); virtual ble_error_t preserveBondingStateOnReset( diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp index 9f2f527b0e..588e69ceaa 100644 --- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp +++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp 
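Review bot: The doc comment for the new setDatabaseFile() documents `@param[in] dbPath` while the signature uses `dbFilepath`, and the rename in init() in this hunk leaves the same stale name in the comment block edited by the previous hunk. The later patch that renames the method to setDatabaseFilepath keeps the mismatch as well. The comment also says an invalid path falls back to in-memory storage but documents only `BLE_ERROR_NONE on success`, so the contract does not tell a caller whether bonding keys will actually be persisted. I would state that explicitly, e.g. `@note An unusable path is not reported as an error; keys are then held in memory only and are not written to the filesystem.`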
@@ -43,29 +43,16 @@ ble_error_t GenericSecurityManager::init( const char* db_path ) { - ble_error_t err = _pal.initialize(); - if (err) { - return err; + ble_error_t result = _pal.initialize(); + if (result != BLE_ERROR_NONE) { + return result; } - if (_db) { - delete _db; + result = setDatabaseFile(db_path); + if (result != BLE_ERROR_NONE) { + return result; } - FILE* db_file = FileSecurityDb::open_db_file(db_path); - - if (db_file) { - _db = new (std::nothrow) FileSecurityDb(db_file); - } else { - _db = new (std::nothrow) MemorySecurityDb(); - } - - if (!_db) { - return BLE_ERROR_NO_MEM; - } - - _db->restore(); - _pal.set_io_capability((io_capability_t::type) iocaps); if (passkey) { @@ -115,6 +102,30 @@ ble_error_t GenericSecurityManager::init( return BLE_ERROR_NONE; } +ble_error_t GenericSecurityManager::setDatabaseFile( + const char *db_path +) { + if (_db) { + delete _db; + } + + FILE* db_file = FileSecurityDb::open_db_file(db_path); + + if (db_file) { + _db = new (std::nothrow) FileSecurityDb(db_file); + } else { + _db = new (std::nothrow) MemorySecurityDb(); + } + + if (!_db) { + return BLE_ERROR_NO_MEM; + } + + _db->restore(); + + return BLE_ERROR_NONE; +} + ble_error_t GenericSecurityManager::reset(void) { _pal.reset(); SecurityManager::reset(); From 9da64e529e96ab7941e89756bc9272adf1bf8ae6 Mon Sep 17 00:00:00 2001 From: paul-szczepanek-arm <33840200+paul-szczepanek-arm@users.noreply.github.com> Date: Fri, 18 May 2018 13:46:55 +0100 Subject: [PATCH 3/6] refactor into separate functions for readability and correctness of pal matching db --- features/FEATURE_BLE/ble/SecurityManager.h | 6 +- .../ble/generic/GenericSecurityManager.h | 18 +++- .../source/generic/GenericSecurityManager.cpp | 90 +++++++++++++------ 3 files changed, 82 insertions(+), 32 deletions(-) diff --git a/features/FEATURE_BLE/ble/SecurityManager.h b/features/FEATURE_BLE/ble/SecurityManager.h index 548805c191..358e2478a4 100644 --- a/features/FEATURE_BLE/ble/SecurityManager.h 
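Review bot: In the new setDatabaseFile(), when `new (std::nothrow) FileSecurityDb(db_file)` returns NULL the function returns `BLE_ERROR_NO_MEM` with `db_file` still open, because the constructor that would have taken the handle never ran. The error path should release it, e.g. `if (!_db) { if (db_file) { fclose(db_file); } return BLE_ERROR_NO_MEM; }`, assuming `open_db_file` hands back a plain stdio handle (its definition is not shown). The previous database is also deleted before the replacement is known to exist, so on that path the manager drops back to the uninitialised state. Constructing the new object first and swapping it in only on success would avoid that. The same body is moved unchanged into init_database() by the next patch, so the point applies there too.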
+++ b/features/FEATURE_BLE/ble/SecurityManager.h @@ -464,15 +464,17 @@ public: } /** - * Change the file used for the security datagse. If path is invalid or a NULL is passed + * Change the file used for the security database. If path is invalid or a NULL is passed * keys will only be stored in memory. * + * @note This operation is only allowed with no active connections. + * * @param[in] dbPath Path to the file used to store keys in the filesystem, * if NULL keys will be only stored in memory * * @return BLE_ERROR_NONE on success. */ - virtual ble_error_t setDatabaseFile(const char *dbFilepath = NULL) { + virtual ble_error_t setDatabaseFilepath(const char *dbFilepath = NULL) { (void)dbFilepath; return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ } diff --git a/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h b/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h index 4dca909fc7..b2a2e8ff97 100644 --- a/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h +++ b/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h @@ -53,7 +53,7 @@ public: const char* db_path = NULL ); - virtual ble_error_t setDatabaseFile(const char *db_path = NULL); + virtual ble_error_t setDatabaseFilepath(const char *db_path = NULL); virtual ble_error_t reset(); @@ -265,6 +265,22 @@ public: // private: + + /** + * Initialise the database, if database already exists it will close it and open the new one. + * + * @param db_path path to file to store secure db + * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason. + */ + ble_error_t init_database(const char *db_path = NULL); + + /** + * Generate identity list based on the database of IRK and apply it to the resolving list. + * + * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason. + */ + ble_error_t init_resolving_list(); + /** * Generate the CSRK if needed. * 
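Review bot: The doc block on init_database() says an existing database is closed and the new one opened, but it omits two things the implementation in GenericSecurityManager.cpp (same patch) does. It falls back to a MemorySecurityDb when `open_db_file` yields no file, and it deletes the current database before the new one is allocated, so a `BLE_ERROR_NO_MEM` return leaves the manager with no database at all. I would add both, for instance `@note Falls back to an in-memory database if db_path cannot be opened.` plus a sentence describing the state after a failed call. The `@param db_path` text could also say that NULL selects the in-memory database.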
diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp index 588e69ceaa..d09f1d1f64 100644 --- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp +++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp @@ -48,7 +48,7 @@ ble_error_t GenericSecurityManager::init( return result; } - result = setDatabaseFile(db_path); + result = init_database(db_path); if (result != BLE_ERROR_NONE) { return result; } 
@@ -79,49 +79,38 @@ ble_error_t GenericSecurityManager::init( init_signing(); } + init_resolving_list(); + _connection_monitor.set_connection_event_handler(this); _signing_monitor.set_signing_event_handler(this); _pal.set_event_handler(this); - uint8_t resolving_list_capacity = _pal.read_resolving_list_capacity(); - SecurityEntryIdentity_t* identity_list_p = - new (std::nothrow) SecurityEntryIdentity_t[resolving_list_capacity]; - - if (identity_list_p) { - ArrayView identity_list( - identity_list_p, - resolving_list_capacity - ); - - _db->get_identity_list( - mbed::callback(this, &GenericSecurityManager::on_identity_list_retrieved), - identity_list - ); - } - return BLE_ERROR_NONE; } -ble_error_t GenericSecurityManager::setDatabaseFile( +ble_error_t GenericSecurityManager::setDatabaseFilepath( const char *db_path ) { - if (_db) { - delete _db; + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; + + /* operation only allowed with no connections active */ + for (size_t i = 0; i < MAX_CONTROL_BLOCKS; i++) { + if (_control_blocks[i].connected) { + return BLE_ERROR_OPERATION_NOT_PERMITTED; + } } - FILE* db_file = FileSecurityDb::open_db_file(db_path); - - if (db_file) { - _db = new (std::nothrow) FileSecurityDb(db_file); - } else { - _db = new (std::nothrow) MemorySecurityDb(); + ble_error_t result = init_database(db_path); + if (result != BLE_ERROR_NONE) { + return result; } - if (!_db) { - return BLE_ERROR_NO_MEM; + result = init_database(db_path); + if (result != BLE_ERROR_NONE) { + return result; } - _db->restore(); + init_resolving_list(); return BLE_ERROR_NONE; } 
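Review bot: The active-connection check protects only setDatabaseFilepath(); init() reaches the same init_database(), which deletes the current `_db`, without any such check. If init() can be called again while links are up (whether callers do that is not visible here), the database would be replaced underneath those connections, which is what the guard is meant to prevent. Moving the `_control_blocks[i].connected` loop into init_database(), or into a small private helper called from both entry points, would close that gap. The bare `init_signing();` call in the context lines of init() also discards its `ble_error_t`, so a signing-key failure is not reported to the caller.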
@@ -779,6 +768,49 @@ ble_error_t GenericSecurityManager::oobReceived( // Helper functions // +ble_error_t GenericSecurityManager::init_database( + const char *db_path +) { + if (_db) { + delete _db; + } + + FILE* db_file = FileSecurityDb::open_db_file(db_path); + + if (db_file) { + _db = new (std::nothrow) FileSecurityDb(db_file); + } else { + _db = new (std::nothrow) MemorySecurityDb(); + } + + if (!_db) { + return BLE_ERROR_NO_MEM; + } + + _db->restore(); + + return BLE_ERROR_NONE; +} + +ble_error_t GenericSecurityManager::init_resolving_list() { + /* match the resolving list to the currently stored set of IRKs */ + uint8_t resolving_list_capacity = _pal.read_resolving_list_capacity(); + SecurityEntryIdentity_t* identity_list_p = + new (std::nothrow) SecurityEntryIdentity_t[resolving_list_capacity]; + + if (identity_list_p) { + ArrayView identity_list( + identity_list_p, + resolving_list_capacity + ); + + _db->get_identity_list( + mbed::callback(this, &GenericSecurityManager::on_identity_list_retrieved), + identity_list + ); + } +} + ble_error_t GenericSecurityManager::init_signing() { if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; const csrk_t *pcsrk = _db->get_local_csrk(); From ace491d430ae6264d6f8005aac3544890186f952 Mon Sep 17 00:00:00 2001 From: paul-szczepanek-arm <33840200+paul-szczepanek-arm@users.noreply.github.com> Date: Fri, 18 May 2018 13:54:15 +0100 Subject: [PATCH 4/6] remove duplicate call --- .../FEATURE_BLE/source/generic/GenericSecurityManager.cpp | 5 ----- 1 file changed, 5 deletions(-) diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp index d09f1d1f64..bbfa5d28f6 100644 --- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp +++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp 
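Review bot: init_resolving_list() allocates `identity_list_p` with `new (std::nothrow) SecurityEntryIdentity_t[...]` and passes it to `_db->get_identity_list()` inside an ArrayView, but nothing in this function frees it. Ownership therefore presumably passes to `on_identity_list_retrieved`, which is not shown in this hunk. A comment at the allocation would make that contract visible, e.g. `/* ownership passes to on_identity_list_retrieved(), which must delete[] it */`. It is also worth confirming that every database implementation invokes the callback even when it holds no entries, otherwise the buffer leaks on each call.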
@@ -105,11 +105,6 @@ ble_error_t GenericSecurityManager::setDatabaseFilepath( return result; } - result = init_database(db_path); - if (result != BLE_ERROR_NONE) { - return result; - } - init_resolving_list(); return BLE_ERROR_NONE; From cd9f12ab45868656c8acc2ccd85985d0aaf7fce9 Mon Sep 17 00:00:00 2001 From: paul-szczepanek-arm <33840200+paul-szczepanek-arm@users.noreply.github.com> Date: Fri, 18 May 2018 13:59:30 +0100 Subject: [PATCH 5/6] return error codes --- .../FEATURE_BLE/source/generic/GenericSecurityManager.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp index bbfa5d28f6..903e271aa9 100644 --- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp +++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp @@ -788,6 +788,8 @@ ble_error_t GenericSecurityManager::init_database( } ble_error_t GenericSecurityManager::init_resolving_list() { + if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; + /* match the resolving list to the currently stored set of IRKs */ uint8_t resolving_list_capacity = _pal.read_resolving_list_capacity(); SecurityEntryIdentity_t* identity_list_p = @@ -803,7 +805,11 @@ ble_error_t GenericSecurityManager::init_resolving_list() { mbed::callback(this, &GenericSecurityManager::on_identity_list_retrieved), identity_list ); + } else { + return BLE_ERROR_NO_MEM; } + + return BLE_ERROR_NONE; } ble_error_t GenericSecurityManager::init_signing() { From 17e8ed9401abf725069109ce6e303cda0a4f5afe Mon Sep 17 00:00:00 2001 From: paul-szczepanek-arm <33840200+paul-szczepanek-arm@users.noreply.github.com> Date: Mon, 21 May 2018 11:34:40 +0100 Subject: [PATCH 6/6] forward resolving list init --- .../source/generic/GenericSecurityManager.cpp | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) 
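Review bot: init_resolving_list() now returns `BLE_ERROR_INITIALIZATION_INCOMPLETE` and `BLE_ERROR_NO_MEM`, but setDatabaseFilepath() still calls it as a bare statement (`init_resolving_list();` followed by `return BLE_ERROR_NONE;`, visible as context in the preceding patch). A failed resolving-list rebuild after a database switch is therefore reported as success, and the controller's resolving list would presumably still reflect the previous database's identities. I would forward the result there as well: `return init_resolving_list();`. The last patch on this page forwards it only in init().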
diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp index 903e271aa9..29adce2ba4 100644 --- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp +++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp @@ -42,13 +42,14 @@ ble_error_t GenericSecurityManager::init( bool signing, const char* db_path ) { - ble_error_t result = _pal.initialize(); + if (result != BLE_ERROR_NONE) { return result; } result = init_database(db_path); + if (result != BLE_ERROR_NONE) { return result; } @@ -79,12 +80,17 @@ ble_error_t GenericSecurityManager::init( init_signing(); } - init_resolving_list(); - _connection_monitor.set_connection_event_handler(this); _signing_monitor.set_signing_event_handler(this); _pal.set_event_handler(this); + result = init_resolving_list(); + + if (result != BLE_ERROR_NONE) { + delete _db; + return result; + } + return BLE_ERROR_NONE; } @@ -766,9 +772,7 @@ ble_error_t GenericSecurityManager::oobReceived( ble_error_t GenericSecurityManager::init_database( const char *db_path ) { - if (_db) { - delete _db; - } + delete _db; FILE* db_file = FileSecurityDb::open_db_file(db_path);
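Review bot: The new failure path in init() runs `delete _db;` but leaves the pointer set, so `_db` dangles once init() has returned the error. Every public entry point guarded by `if (!_db)` would then pass the check and dereference freed memory, and a later init() or setDatabaseFilepath() would reach `delete _db;` in init_database() a second time. Reset the pointer in the same branch: `delete _db; _db = NULL;`. By this point the connection, signing and PAL event handlers have already been registered with `this`, so it is worth checking whether they should be unregistered on failure too (how they behave with no database is not visible here).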