ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Nordic BLE: SM pal function draft (legacy pairing)

pull/6188/head
Vincent Coubard 2018-01-17 15:50:57 +00:00
parent 5277f5a0fd
commit 7e37cc739f
2 changed files with 144 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.cpp
View File

@ -15,12 +15,21 @@
*/
#include "nRF5xPalSecurityManager.h"
#include "nrf_ble_gap.h"
namespace ble {
namespace pal {
namespace vendor {
namespace nordic {
namespace {
static ble_error_t convert_sd_error(uint32_t err) {
// TODO: implementation
return err ? BLE_ERROR_UNSPECIFIED : BLE_ERROR_NONE;
}
}
nRF5xSecurityManager::nRF5xSecurityManager() : ::ble::pal::SecurityManager()
{
@ -54,6 +63,9 @@ ble_error_t nRF5xSecurityManager::reset()
// Resolving list management
//
// FIXME: on nordic, the irk is passed in sd_ble_gap_scan_start where whitelist
// and resolving list are all mixed up.
uint8_t nRF5xSecurityManager::read_resolving_list_capacity()
{
// FIXME: implement
@ -104,6 +116,7 @@ ble_error_t nRF5xSecurityManager::get_secure_connections_support(
ble_error_t nRF5xSecurityManager::set_authentication_timeout(
connection_handle_t, uint16_t timeout_in_10ms
) {
// NOTE: Nothing in the Nordic API to manipulate the authentication timeout
return BLE_ERROR_NOT_IMPLEMENTED;
}
@ -119,11 +132,19 @@ ble_error_t nRF5xSecurityManager::get_authentication_timeout(
ble_error_t nRF5xSecurityManager::enable_encryption(connection_handle_t connection)
{
// use sd_ble_gap_encrypt it requires:
// - ediv
// - rand
// - ltk
// - flag indicating if the key was generated with lesc
// - flag indicated if the key is an authenticated key
// - flag indicating the length of the ltk ???
return BLE_ERROR_NOT_IMPLEMENTED;
}
ble_error_t nRF5xSecurityManager::disable_encryption(connection_handle_t connection)
{
// NO FUNCTION to disable encryption
return BLE_ERROR_NOT_IMPLEMENTED;
}
@ -161,17 +182,20 @@ ble_error_t nRF5xSecurityManager::set_private_address_timeout(
ble_error_t nRF5xSecurityManager::set_ltk(
connection_handle_t connection, ltk_t ltk
) {
// usefulness ?
return BLE_ERROR_NOT_IMPLEMENTED;
}
ble_error_t nRF5xSecurityManager::set_irk(const irk_t& irk)
{
return BLE_ERROR_NOT_IMPLEMENTED;
memcpy(_irk, irk, sizeof(_irk));
return BLE_ERROR_NONE;
}
ble_error_t nRF5xSecurityManager::set_csrk(const csrk_t& csrk)
{
return BLE_ERROR_NOT_IMPLEMENTED;
memcpy(_csrk, csrk, sizeof(_csrk));
return BLE_ERROR_NONE;
}
ble_error_t nRF5xSecurityManager::generate_irk()
@ -197,7 +221,35 @@ ble_error_t nRF5xSecurityManager::send_pairing_request(
key_distribution_t initiator_dist,
key_distribution_t responder_dist
) {
return BLE_ERROR_NOT_IMPLEMENTED;
ble_gap_sec_params_t security_params = {
/* bond */ static_cast<uint8_t>((authentication_requirements >> 0) & 3),
/* mitm */ static_cast<uint8_t>((authentication_requirements >> 2) & 1),
/* lesc */ static_cast<uint8_t>((authentication_requirements >> 3) & 1),
/* keypress */ static_cast<uint8_t>((authentication_requirements >> 4) & 1),
/* io_caps */ io_capability.value(),
/* oob */ oob_data_flag,
/* min_key_size */ 7, // FIXME!
/* max_key_size */ maximum_encryption_key_size,
/* kdist_periph */ {
/* enc */ static_cast<uint8_t>((responder_dist >> 0) & 1),
/* id */ static_cast<uint8_t>((responder_dist >> 1) & 1),
/* sign */ static_cast<uint8_t>((responder_dist >> 2) & 1),
/* link */ static_cast<uint8_t>((responder_dist >> 3) & 1)
},
/* kdist_central */ {
/* enc */ static_cast<uint8_t>((initiator_dist >> 0) & 1),
/* id */ static_cast<uint8_t>((initiator_dist >> 1) & 1),
/* sign */ static_cast<uint8_t>((initiator_dist >> 2) & 1),
/* link */ static_cast<uint8_t>((initiator_dist >> 3) & 1)
}
};
uint32_t err = sd_ble_gap_authenticate(
connection,
&security_params
);
return convert_sd_error(err);
}
ble_error_t nRF5xSecurityManager::send_pairing_response(
@ -209,18 +261,86 @@ ble_error_t nRF5xSecurityManager::send_pairing_response(
key_distribution_t initiator_dist,
key_distribution_t responder_dist
) {
return BLE_ERROR_NOT_IMPLEMENTED;
ble_gap_sec_params_t security_params = {
/* bond */ static_cast<uint8_t>((authentication_requirements >> 0) & 3),
/* mitm */static_cast<uint8_t>((authentication_requirements >> 2) & 1),
/* lesc */ static_cast<uint8_t>((authentication_requirements >> 3) & 1),
/* keypress */ static_cast<uint8_t>((authentication_requirements >> 4) & 1),
/* io_caps */ io_capability.value(),
/* oob */ oob_data_flag,
/* min_key_size */ 7, // FIXME!
/* max_key_size */ maximum_encryption_key_size,
/* kdist_periph */ {
/* enc */ static_cast<uint8_t>((responder_dist >> 0) & 1),
/* id */ static_cast<uint8_t>((responder_dist >> 1) & 1),
/* sign */ static_cast<uint8_t>((responder_dist >> 2) & 1),
/* link */ static_cast<uint8_t>((responder_dist >> 3) & 1)
},
/* kdist_central */ {
/* enc */ static_cast<uint8_t>((initiator_dist >> 0) & 1),
/* id */ static_cast<uint8_t>((initiator_dist >> 1) & 1),
/* sign */ static_cast<uint8_t>((initiator_dist >> 2) & 1),
/* link */ static_cast<uint8_t>((initiator_dist >> 3) & 1)
}
};
ble_gap_sec_keyset_t keyset = {
/* keys_own */ {
/* encryption key */ NULL,
/* id key */ NULL, /* FIXME: pass in the IRK mixed up with address ?!?*/
/* signing key */ NULL, /* FIXME: put _csrk in the type of data structure used by nordic */
/* P-256 Public Key */ NULL
},
/* keys_peer */ {
// FIXME: The softdevice requires the application to maintain this memory chunk ...
}
};
uint32_t err = sd_ble_gap_sec_params_reply(
connection,
/* status */ BLE_GAP_SEC_STATUS_SUCCESS,
/* params */ &security_params,
/* keys ... */ &keyset
);
return convert_sd_error(err);
}
ble_error_t nRF5xSecurityManager::cancel_pairing(
connection_handle_t connection, pairing_failure_t reason
) {
return BLE_ERROR_NOT_IMPLEMENTED;
// FIXME: there is no fixed function that can be used to cancel pairing all
// the time. However sd_ble_gap_sec_params_reply should be used to cancel a
// pairing after a pairing request
uint32_t err = sd_ble_gap_sec_params_reply(
connection,
/* status */ reason.value() | 0x80,
/* params */ NULL,
/* keys ... */ NULL
);
return convert_sd_error(err);
}
ble_error_t nRF5xSecurityManager::request_authentication(connection_handle_t connection)
{
return BLE_ERROR_NOT_IMPLEMENTED;
uint8_t authentication_requirements;
// FIXME: need authentication requirements from the caller
ble_gap_sec_params_t security_params = {
/* bond */ static_cast<uint8_t>((authentication_requirements >> 0) & 3),
/* mitm */static_cast<uint8_t>((authentication_requirements >> 2) & 1),
/* lesc */ static_cast<uint8_t>((authentication_requirements >> 3) & 1),
/* keypress */ static_cast<uint8_t>((authentication_requirements >> 4) & 1)
/* other parameters ignored ??? TODO: check*/
};
uint32_t err = sd_ble_gap_authenticate(
connection,
&security_params
);
return convert_sd_error(err);
}
ble_error_t nRF5xSecurityManager::get_random_data(random_data_t &random_data)
@ -235,13 +355,25 @@ ble_error_t nRF5xSecurityManager::get_random_data(random_data_t &random_data)
ble_error_t nRF5xSecurityManager::passkey_request_reply(
connection_handle_t connection, const passkey_num_t passkey
) {
return BLE_ERROR_NONE;
uint32_t err = sd_ble_gap_auth_key_reply(
connection,
BLE_GAP_AUTH_KEY_TYPE_PASSKEY,
/* FIXME: convert passkey_num into and asci key */ NULL
);
return convert_sd_error(err);
}
ble_error_t nRF5xSecurityManager::oob_data_request_reply(
connection_handle_t connection, const oob_data_t& oob_data
) {
return BLE_ERROR_NOT_IMPLEMENTED;
uint32_t err = sd_ble_gap_auth_key_reply(
connection,
BLE_GAP_AUTH_KEY_TYPE_OOB,
oob_data
);
return convert_sd_error(err);
}
ble_error_t nRF5xSecurityManager::confirmation_entered(

4
features/FEATURE_BLE/targets/TARGET_NORDIC/TARGET_NRF5/source/nRF5xPalSecurityManager.h
View File

@ -273,6 +273,10 @@ public:
// Event handler
// FIXME: set proper event handling type
static bool sm_handler();
private:
irk_t _irk;
csrk_t _csrk;
};
} // nordic