From 9da64e529e96ab7941e89756bc9272adf1bf8ae6 Mon Sep 17 00:00:00 2001
From: paul-szczepanek-arm <33840200+paul-szczepanek-arm@users.noreply.github.com>
Date: Fri, 18 May 2018 13:46:55 +0100
Subject: [PATCH] refactor into separate functions for readability and correctness of pal matching db
---
 features/FEATURE_BLE/ble/SecurityManager.h | 6 +-
 .../ble/generic/GenericSecurityManager.h | 18 +++-
 .../source/generic/GenericSecurityManager.cpp | 90 +++++++++++++------
 3 files changed, 82 insertions(+), 32 deletions(-)
diff --git a/features/FEATURE_BLE/ble/SecurityManager.h b/features/FEATURE_BLE/ble/SecurityManager.h
index 548805c191..358e2478a4 100644
--- a/features/FEATURE_BLE/ble/SecurityManager.h
+++ b/features/FEATURE_BLE/ble/SecurityManager.h
@@ -464,15 +464,17 @@ public:
 }
 /**
- * Change the file used for the security datagse. If path is invalid or a NULL is passed
+ * Change the file used for the security database. If path is invalid or a NULL is passed
 * keys will only be stored in memory.
 *
+ * @note This operation is only allowed with no active connections.
+ *
 * @param[in] dbPath Path to the file used to store keys in the filesystem,
 * if NULL keys will be only stored in memory
 *
 * @return BLE_ERROR_NONE on success.
 */
- virtual ble_error_t setDatabaseFile(const char *dbFilepath = NULL) {
+ virtual ble_error_t setDatabaseFilepath(const char *dbFilepath = NULL) {
 (void)dbFilepath;
 return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
 }
diff --git a/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h b/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h
index 4dca909fc7..b2a2e8ff97 100644
--- a/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h
+++ b/features/FEATURE_BLE/ble/generic/GenericSecurityManager.h
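Review bot: Renaming the public virtual from `setDatabaseFile` to `setDatabaseFilepath` without a forwarding overload means a port that already overrides `setDatabaseFile` still compiles but its override is silently never called, while external callers of the old name stop compiling. A deprecated shim in this header would keep both working: `virtual ble_error_t setDatabaseFile(const char *dbFilepath = NULL) { return setDatabaseFilepath(dbFilepath); }`. The new @note states the no-active-connections restriction, but the base implementation here only returns BLE_ERROR_NOT_IMPLEMENTED, so the note should say that enforcing it is the overrider's responsibility.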
@@ -53,7 +53,7 @@ public:
 const char* db_path = NULL
 );
- virtual ble_error_t setDatabaseFile(const char *db_path = NULL);
+ virtual ble_error_t setDatabaseFilepath(const char *db_path = NULL);
 virtual ble_error_t reset();
@@ -265,6 +265,22 @@ public:
 // private:
+
+ /**
+ * Initialise the database, if database already exists it will close it and open the new one.
+ *
+ * @param db_path path to file to store secure db
+ * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
+ */
+ ble_error_t init_database(const char *db_path = NULL);
+
+ /**
+ * Generate identity list based on the database of IRK and apply it to the resolving list.
+ *
+ * @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
+ */
+ ble_error_t init_resolving_list();
+
 /**
 * Generate the CSRK if needed.
 *
diff --git a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
index 588e69ceaa..d09f1d1f64 100644
--- a/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
+++ b/features/FEATURE_BLE/source/generic/GenericSecurityManager.cpp
@@ -48,7 +48,7 @@ ble_error_t GenericSecurityManager::init(
 return result;
 }
- result = setDatabaseFile(db_path);
+ result = init_database(db_path);
 if (result != BLE_ERROR_NONE) {
 return result;
 }
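Review bot: The doc comment on `init_database` in the -265 hunk does not say that the current database is destroyed before the replacement is created; the definition does `delete _db` first and only then allocates, so on the BLE_ERROR_NO_MEM path `_db` is left NULL and the previously loaded keys are gone. Suggested addition to that block: `@note The current database (and the keys it holds in memory) is released before the new one is created; if creation fails no database remains and the manager must be re-initialised.` The `@return` on `init_resolving_list` promises an error code, which only holds if the definition returns one on every path.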
@@ -79,49 +79,38 @@ ble_error_t GenericSecurityManager::init(
 init_signing();
 }
+ init_resolving_list();
+
 _connection_monitor.set_connection_event_handler(this);
 _signing_monitor.set_signing_event_handler(this);
 _pal.set_event_handler(this);
- uint8_t resolving_list_capacity = _pal.read_resolving_list_capacity();
- SecurityEntryIdentity_t* identity_list_p =
- new (std::nothrow) SecurityEntryIdentity_t[resolving_list_capacity];
-
- if (identity_list_p) {
- ArrayView identity_list(
- identity_list_p,
- resolving_list_capacity
- );
-
- _db->get_identity_list(
- mbed::callback(this, &GenericSecurityManager::on_identity_list_retrieved),
- identity_list
- );
- }
-
 return BLE_ERROR_NONE;
 }
-ble_error_t GenericSecurityManager::setDatabaseFile(
+ble_error_t GenericSecurityManager::setDatabaseFilepath(
 const char *db_path
 ) {
- if (_db) {
- delete _db;
+ if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;
+
+ /* operation only allowed with no connections active */
+ for (size_t i = 0; i < MAX_CONTROL_BLOCKS; i++) {
+ if (_control_blocks[i].connected) {
+ return BLE_ERROR_OPERATION_NOT_PERMITTED;
+ }
 }
- FILE* db_file = FileSecurityDb::open_db_file(db_path);
-
- if (db_file) {
- _db = new (std::nothrow) FileSecurityDb(db_file);
- } else {
- _db = new (std::nothrow) MemorySecurityDb();
+ ble_error_t result = init_database(db_path);
+ if (result != BLE_ERROR_NONE) {
+ return result;
 }
- if (!_db) {
- return BLE_ERROR_NO_MEM;
+ result = init_database(db_path);
+ if (result != BLE_ERROR_NONE) {
+ return result;
 }
- _db->restore();
+ init_resolving_list();
 return BLE_ERROR_NONE;
 }
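Review bot: `setDatabaseFilepath` calls `init_database(db_path)` twice in a row; the second call deletes the database the first one just created and re-opens the file, so the second `result = init_database(db_path); if (result != BLE_ERROR_NONE) { return result; }` block should be dropped. In both `init` and `setDatabaseFilepath` the value of `init_resolving_list()` is discarded although it is declared `ble_error_t`; ending with `return init_resolving_list();` would let an allocation failure that leaves the controller's resolving list unpopulated reach the caller instead of being reported as success. In `init`, `init_resolving_list()` now runs before `_pal.set_event_handler(this)`, whereas the removed inline code ran after it; if `get_identity_list` can deliver its callback synchronously and that path relies on the PAL handler being set, the reordering is worth confirming. `init` begins outside this hunk.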
@@ -779,6 +768,49 @@ ble_error_t GenericSecurityManager::oobReceived(
 // Helper functions
 //
+ble_error_t GenericSecurityManager::init_database(
+ const char *db_path
+) {
+ if (_db) {
+ delete _db;
+ }
+
+ FILE* db_file = FileSecurityDb::open_db_file(db_path);
+
+ if (db_file) {
+ _db = new (std::nothrow) FileSecurityDb(db_file);
+ } else {
+ _db = new (std::nothrow) MemorySecurityDb();
+ }
+
+ if (!_db) {
+ return BLE_ERROR_NO_MEM;
+ }
+
+ _db->restore();
+
+ return BLE_ERROR_NONE;
+}
+
+ble_error_t GenericSecurityManager::init_resolving_list() {
+ /* match the resolving list to the currently stored set of IRKs */
+ uint8_t resolving_list_capacity = _pal.read_resolving_list_capacity();
+ SecurityEntryIdentity_t* identity_list_p =
+ new (std::nothrow) SecurityEntryIdentity_t[resolving_list_capacity];
+
+ if (identity_list_p) {
+ ArrayView identity_list(
+ identity_list_p,
+ resolving_list_capacity
+ );
+
+ _db->get_identity_list(
+ mbed::callback(this, &GenericSecurityManager::on_identity_list_retrieved),
+ identity_list
+ );
+ }
+}
+
 ble_error_t GenericSecurityManager::init_signing() {
 if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;
 const csrk_t *pcsrk = _db->get_local_csrk();
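Review bot: `init_resolving_list` is declared `ble_error_t` but contains no `return` on any path, so falling off its end is undefined behaviour, and the allocation-failure branch (`identity_list_p` NULL) is swallowed silently, leaving the controller's resolving list empty while every caller sees success. It also dereferences `_db` without the `if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;` guard that `init_signing` directly below uses, so the guard and explicit returns below would make the helper match its declared contract. Who releases `identity_list_p` is not visible in this hunk — presumably `on_identity_list_retrieved` — and a one-line comment stating that ownership at the allocation would help; note also that a zero `resolving_list_capacity` still allocates and still invokes the callback with an empty view.
```cpp
ble_error_t GenericSecurityManager::init_resolving_list() {
    if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;

    // … unchanged: read resolving_list_capacity, allocate identity_list_p …

    if (!identity_list_p) {
        return BLE_ERROR_NO_MEM;
    }

    // … unchanged: build the ArrayView and call _db->get_identity_list(...) …

    return BLE_ERROR_NONE;
}
```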