ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

naive memory implementation for verification purposes

pull/6188/head
paul-szczepanek-arm 2018-01-23 16:01:54 +00:00
parent c476fceba3
commit 8ef3311be0
2 changed files with 312 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

343
features/FEATURE_BLE/ble/generic/GenericSecurityDb.h
View File

@ -101,7 +101,9 @@ public:
* @param[in] handle valid connection handle
* @return pointer to security entry, NULL if handle was invalid
*/
virtual SecurityEntry_t* get_entry(connection_handle_t connection);
virtual SecurityEntry_t* get_entry(
connection_handle_t connection
) = 0;
/* local keys */
@ -111,34 +113,33 @@ public:
connection_handle_t connection,
const ediv_t ediv,
const rand_t rand
);
) = 0;
/* set */
virtual void set_entry_local_ltk(
connection_handle_t connection,
const ltk_t ltk
);
) = 0;
virtual void set_entry_local_ediv_rand(
connection_handle_t connection,
const ediv_t ediv,
const rand_t rand
);
) = 0;
/* peer's keys */
/* get */
virtual void get_entry_csrk(
virtual void get_entry_peer_csrk(
SecurityEntryCsrkDbCb_t cb,
connection_handle_t connection
);
virtual void get_entry_peer_keys(
SecurityEntryKeysDbCb_t cb,
const ediv_t ediv,
const rand_t rand
);
) = 0;
virtual void get_entry_peer_keys(
SecurityEntryKeysDbCb_t cb,
connection_handle_t connection
);
) = 0;
/* set */
virtual void set_entry_peer(
connection_handle_t connection,
@ -149,36 +150,41 @@ public:
const ltk_t ltk,
const irk_t irk,
const csrk_t csrk
);
) = 0;
virtual void set_entry_peer_ltk(
connection_handle_t connection,
const ltk_t ltk
);
) = 0;
virtual void set_entry_peer_ediv_rand(
connection_handle_t connection,
const ediv_t ediv,
const rand_t rand
);
) = 0;
virtual void set_entry_peer_irk(
connection_handle_t connection,
const irk_t irk
);
) = 0;
virtual void set_entry_peer_bdaddr(
connection_handle_t connection,
bool address_is_public,
const address_t &peer_address
);
) = 0;
virtual void set_entry_peer_csrk(
connection_handle_t connection,
const csrk_t csrk
);
) = 0;
/* local csrk */
virtual const csrk_t* get_local_csrk();
virtual const csrk_t* get_local_csrk() = 0;
virtual void set_local_csrk(
const csrk_t csrk
);
) = 0;
/* list management */
@ -192,7 +198,10 @@ public:
*
* @return pointer to entry newly created or located existing entry.
*/
virtual SecurityEntry_t* connect_entry(connection_handle_t connection, address_t peer_address);
virtual SecurityEntry_t* connect_entry(
connection_handle_t connection,
address_t peer_address
) = 0;
/**
* Create a new entry or retrieve existing stored entry
@ -201,24 +210,294 @@ public:
*
* @param connection this handle will be freed up from the security db
*/
virtual SecurityEntry_t* disconnect_entry(connection_handle_t connection);
virtual void disconnect_entry(
connection_handle_t connection
) = 0;
virtual void remove_entry(address_t peer_identity_address);
virtual void clear_entries();
virtual void remove_entry(address_t peer_identity_address) = 0;
virtual void clear_entries() = 0;
virtual void get_whitelist(WhitelistDbCb_t cb);
virtual void get_whitelist(WhitelistDbCb_t cb) = 0;
virtual void update_whitelist(Gap::Whitelist_t& whitelist);
virtual void add_whitelist_entry(const address_t &address);
virtual void update_whitelist(Gap::Whitelist_t& whitelist) = 0;
virtual void add_whitelist_entry(const address_t &address) = 0;
virtual void remove_whitelist_entry(const address_t &address);
virtual void clear_whitelist();
virtual void remove_whitelist_entry(const address_t &address) = 0;
virtual void clear_whitelist() = 0;
/* saving and loading from nvm */
virtual void restore();
virtual void sync();
virtual void set_restore(bool reload);
virtual void restore() = 0;
virtual void sync() = 0;
virtual void set_restore(bool reload) = 0;
protected:
virtual bool resolve_to_identity_address(address_t peer_address, address_t identity_address) {
/*TODO: resolve*/
return (peer_address == identity_address);
}
};
/* naive memory implementation for verification */
class MemoryGenericSecurityDb : public GenericSecurityDb {
private:
struct db_store_t {
db_store_t() { };
SecurityEntry_t entry;
SecurityEntryKeys_t key;
SecurityEntryIdentity_t identity;
};
static const size_t MAX_ENTRIES = 5;
public:
MemoryGenericSecurityDb() { };
virtual ~MemoryGenericSecurityDb() { };
/**
* Return immediately security entry containing the state
* information for active connection.
* @param[in] handle valid connection handle
* @return pointer to security entry, NULL if handle was invalid
*/
virtual SecurityEntry_t* get_entry(connection_handle_t connection) {
SecurityEntry_t *entry = NULL;
db_store_t *store = get_store(connection);
if (store) {
entry = &store->entry;
}
return entry;
}
/* local keys */
/* get */
virtual void get_entry_local_keys(
SecurityEntryKeysDbCb_t cb,
connection_handle_t connection,
const ediv_t ediv,
const rand_t rand
) {
SecurityEntry_t *entry = NULL;
db_store_t *store = get_store(connection);
if (store) {
entry = &store->entry;
}
cb(*entry, _local_keys);
}
/* set */
virtual void set_entry_local_ltk(
connection_handle_t connection,
const ltk_t ltk
) {
memcpy(_local_keys.ltk, ltk, sizeof(ltk_t));
}
virtual void set_entry_local_ediv_rand(
connection_handle_t connection,
const ediv_t ediv,
const rand_t rand
) {
memcpy(_local_keys.ediv, ediv, sizeof(ediv_t));
memcpy(_local_keys.rand, rand, sizeof(rand_t));
}
/* peer's keys */
/* get */
virtual void get_entry_peer_csrk(
SecurityEntryCsrkDbCb_t cb,
connection_handle_t connection
) {
SecurityEntry_t *entry = NULL;
SecurityEntryIdentity_t *identity = NULL;
db_store_t *store = get_store(connection);
if (store) {
entry = &store->entry;
identity = &store->identity;
}
cb(entry->handle, identity->csrk);
}
virtual void get_entry_peer_keys(
SecurityEntryKeysDbCb_t cb,
connection_handle_t connection
) {
SecurityEntry_t *entry = NULL;
SecurityEntryKeys_t *key = NULL;
db_store_t *store = get_store(connection);
if (store) {
entry = &store->entry;
key = &store->key;
}
cb(*entry, *key);
}
/* set */
virtual void set_entry_peer(
connection_handle_t connection,
bool address_is_public,
const address_t &peer_address,
const ediv_t ediv,
const rand_t rand,
const ltk_t ltk,
const irk_t irk,
const csrk_t csrk
) {
db_store_t *store = get_store(connection);
if (store) {
store->entry.peer_identity_address = peer_address;
memcpy(store->key.ltk, ltk, sizeof(ltk_t));
memcpy(store->key.ediv, ediv, sizeof(ediv_t));
memcpy(store->key.rand, rand, sizeof(rand_t));
memcpy(store->identity.irk, irk, sizeof(irk_t));
memcpy(store->identity.csrk, csrk, sizeof(csrk_t));
}
}
virtual void set_entry_peer_ltk(
connection_handle_t connection,
const ltk_t ltk
) {
db_store_t *store = get_store(connection);
if (store) {
memcpy(store->key.ltk, ltk, sizeof(ltk_t));
}
}
virtual void set_entry_peer_ediv_rand(
connection_handle_t connection,
const ediv_t ediv,
const rand_t rand
) {
db_store_t *store = get_store(connection);
if (store) {
memcpy(store->key.ediv, ediv, sizeof(ediv_t));
memcpy(store->key.rand, rand, sizeof(rand_t));
}
}
virtual void set_entry_peer_irk(
connection_handle_t connection,
const irk_t irk
) {
db_store_t *store = get_store(connection);
if (store) {
memcpy(store->identity.irk, irk, sizeof(irk_t));
}
}
virtual void set_entry_peer_bdaddr(
connection_handle_t connection,
bool address_is_public,
const address_t &peer_address
) {
db_store_t *store = get_store(connection);
if (store) {
store->entry.peer_identity_address = peer_address;
}
}
virtual void set_entry_peer_csrk(
connection_handle_t connection,
const csrk_t csrk
) {
db_store_t *store = get_store(connection);
if (store) {
memcpy(store->identity.csrk, csrk, sizeof(csrk_t));
}
}
/* local csrk */
virtual const csrk_t* get_local_csrk() {
return &_local_identity.csrk;
}
virtual void set_local_csrk(const csrk_t csrk) {
memcpy(&_local_identity.csrk, csrk, sizeof(csrk_t));
}
/* list management */
/**
* Create a new entry or retrieve existing stored entry
* and put it in the live connections store to be retrieved
* synchronously through connection handle.
*
* @param connection this will be the index for live entries.
* @param peer_address this address will be used to locate existing entry.
*
* @return pointer to entry newly created or located existing entry.
*/
virtual SecurityEntry_t* connect_entry(connection_handle_t connection, address_t peer_address) {
for (size_t i = 0; i < MAX_ENTRIES; i++) {
if (_db[i].entry.connected) {
continue;
} else if (resolve_to_identity_address(peer_address, _db[i].entry.peer_identity_address)) {
return &_db[i].entry;
}
}
/* if we din't find one grab the first disconnected slot*/
for (size_t i = 0; i < MAX_ENTRIES; i++) {
if (!_db[i].entry.connected) {
_db[i] = db_store_t();
return &_db[i].entry;
}
}
return NULL;
}
/**
* Create a new entry or retrieve existing stored entry
* and put it in the live connections store to be retrieved
* synchronously through connection handle.
*
* @param connection this handle will be freed up from the security db
*/
virtual void disconnect_entry(connection_handle_t connection) { }
virtual void remove_entry(address_t peer_identity_address);
virtual void clear_entries() {
for (size_t i = 0; i < MAX_ENTRIES; i++) {
_db[i] = db_store_t();
}
_local_keys = SecurityEntryKeys_t();
_local_identity = SecurityEntryIdentity_t();
}
virtual void get_whitelist(WhitelistDbCb_t cb) { }
virtual void update_whitelist(Gap::Whitelist_t& whitelist) { }
virtual void add_whitelist_entry(const address_t &address) { }
virtual void remove_whitelist_entry(const address_t &address) { }
virtual void clear_whitelist() { }
/* saving and loading from nvm */
virtual void restore() { }
virtual void sync() { }
virtual void set_restore(bool reload) { }
private:
virtual db_store_t* get_store(connection_handle_t connection) {
for (size_t i = 0; i < MAX_ENTRIES; i++) {
if (!_db[i].entry.connected) {
continue;
} else if (connection == _db[i].entry.handle) {
return &_db[i];
}
}
return NULL;
}
db_store_t _db[MAX_ENTRIES];
SecurityEntryKeys_t _local_keys;
SecurityEntryIdentity_t _local_identity;
};
} /* namespace generic */

2
features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
View File

@ -463,7 +463,7 @@ public:
if (entry->csrk_stored && (entry->mitm_csrk || !authenticated)) {
/* we have a key that is either authenticated or we don't care if it is
* so retrieve it from the db now */
_db.get_entry_csrk(
_db.get_entry_peer_csrk(
mbed::callback(this, &GenericSecurityManager::return_csrk_cb),
connection
);