refactor into separate functions for readability and correctness of pal matching db

pull/6932/head
paul-szczepanek-arm 2018-05-18 13:46:55 +01:00
parent 439d002f7d
commit 9da64e529e
3 changed files with 82 additions and 32 deletions


@ -464,15 +464,17 @@ public:
} }
/** /**
* Change the file used for the security datagse. If path is invalid or a NULL is passed * Change the file used for the security database. If path is invalid or a NULL is passed
* keys will only be stored in memory. * keys will only be stored in memory.
* *
* @note This operation is only allowed with no active connections.
*
* @param[in] dbPath Path to the file used to store keys in the filesystem, * @param[in] dbPath Path to the file used to store keys in the filesystem,
* if NULL keys will be only stored in memory * if NULL keys will be only stored in memory
* *
* @return BLE_ERROR_NONE on success. * @return BLE_ERROR_NONE on success.
*/ */
virtual ble_error_t setDatabaseFile(const char *dbFilepath = NULL) { virtual ble_error_t setDatabaseFilepath(const char *dbFilepath = NULL) {
(void)dbFilepath; (void)dbFilepath;
return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */ return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
} }
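Review bot: The Doxygen block still documents `@param[in] dbPath` while the parameter is named `dbFilepath`, so the description will not attach to the argument; `@param[in] dbFilepath Path to the file used to store keys in the filesystem,` fixes it. The new `@note` could also name the error a caller gets when connections are active; the generic implementation on this page returns `BLE_ERROR_OPERATION_NOT_PERMITTED`. Because this renames a public virtual, any port that already overrides `setDatabaseFile` would silently stop overriding and callers would reach this `BLE_ERROR_NOT_IMPLEMENTED` stub, so it is worth confirming that no release shipped the old name. The enclosing class starts and ends outside the hunk.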


@ -53,7 +53,7 @@ public:
const char* db_path = NULL const char* db_path = NULL
); );
virtual ble_error_t setDatabaseFile(const char *db_path = NULL); virtual ble_error_t setDatabaseFilepath(const char *db_path = NULL);
virtual ble_error_t reset(); virtual ble_error_t reset();
@ -265,6 +265,22 @@ public:
// //
private: private:
/**
* Initialise the database, if database already exists it will close it and open the new one.
*
* @param db_path path to file to store secure db
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
*/
ble_error_t init_database(const char *db_path = NULL);
/**
* Generate identity list based on the database of IRK and apply it to the resolving list.
*
* @return BLE_ERROR_NONE or appropriate error code indicating the failure reason.
*/
ble_error_t init_resolving_list();
/** /**
* Generate the CSRK if needed. * Generate the CSRK if needed.
* *
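Review bot: The comment on `init_database` does not say what happens when `db_path` is NULL or the file cannot be opened. The implementation later on this page falls back to `MemorySecurityDb` and still returns `BLE_ERROR_NONE`, so a caller cannot tell from the result that bonding keys will not be persisted. I would add a line such as `* If db_path is NULL or cannot be opened, an in-memory database is used and keys are not persisted.` The `init_resolving_list` comment promises an error code on failure, which the definition as shown does not yet deliver.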


@ -48,7 +48,7 @@ ble_error_t GenericSecurityManager::init(
return result; return result;
} }
result = setDatabaseFile(db_path); result = init_database(db_path);
if (result != BLE_ERROR_NONE) { if (result != BLE_ERROR_NONE) {
return result; return result;
} }
@ -79,49 +79,38 @@ ble_error_t GenericSecurityManager::init(
init_signing(); init_signing();
} }
init_resolving_list();
_connection_monitor.set_connection_event_handler(this); _connection_monitor.set_connection_event_handler(this);
_signing_monitor.set_signing_event_handler(this); _signing_monitor.set_signing_event_handler(this);
_pal.set_event_handler(this); _pal.set_event_handler(this);
uint8_t resolving_list_capacity = _pal.read_resolving_list_capacity();
SecurityEntryIdentity_t* identity_list_p =
new (std::nothrow) SecurityEntryIdentity_t[resolving_list_capacity];
if (identity_list_p) {
ArrayView<SecurityEntryIdentity_t> identity_list(
identity_list_p,
resolving_list_capacity
);
_db->get_identity_list(
mbed::callback(this, &GenericSecurityManager::on_identity_list_retrieved),
identity_list
);
}
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
ble_error_t GenericSecurityManager::setDatabaseFile( ble_error_t GenericSecurityManager::setDatabaseFilepath(
const char *db_path const char *db_path
) { ) {
if (_db) { if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;
delete _db;
/* operation only allowed with no connections active */
for (size_t i = 0; i < MAX_CONTROL_BLOCKS; i++) {
if (_control_blocks[i].connected) {
return BLE_ERROR_OPERATION_NOT_PERMITTED;
}
} }
FILE* db_file = FileSecurityDb::open_db_file(db_path); ble_error_t result = init_database(db_path);
if (result != BLE_ERROR_NONE) {
if (db_file) { return result;
_db = new (std::nothrow) FileSecurityDb(db_file);
} else {
_db = new (std::nothrow) MemorySecurityDb();
} }
if (!_db) { result = init_database(db_path);
return BLE_ERROR_NO_MEM; if (result != BLE_ERROR_NONE) {
return result;
} }
_db->restore(); init_resolving_list();
return BLE_ERROR_NONE; return BLE_ERROR_NONE;
} }
@ -779,6 +768,49 @@ ble_error_t GenericSecurityManager::oobReceived(
// Helper functions // Helper functions
// //
ble_error_t GenericSecurityManager::init_database(
const char *db_path
) {
if (_db) {
delete _db;
}
FILE* db_file = FileSecurityDb::open_db_file(db_path);
if (db_file) {
_db = new (std::nothrow) FileSecurityDb(db_file);
} else {
_db = new (std::nothrow) MemorySecurityDb();
}
if (!_db) {
return BLE_ERROR_NO_MEM;
}
_db->restore();
return BLE_ERROR_NONE;
}
ble_error_t GenericSecurityManager::init_resolving_list() {
/* match the resolving list to the currently stored set of IRKs */
uint8_t resolving_list_capacity = _pal.read_resolving_list_capacity();
SecurityEntryIdentity_t* identity_list_p =
new (std::nothrow) SecurityEntryIdentity_t[resolving_list_capacity];
if (identity_list_p) {
ArrayView<SecurityEntryIdentity_t> identity_list(
identity_list_p,
resolving_list_capacity
);
_db->get_identity_list(
mbed::callback(this, &GenericSecurityManager::on_identity_list_retrieved),
identity_list
);
}
}
ble_error_t GenericSecurityManager::init_signing() { ble_error_t GenericSecurityManager::init_signing() {
if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE; if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;
const csrk_t *pcsrk = _db->get_local_csrk(); const csrk_t *pcsrk = _db->get_local_csrk();
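Review bot: `init_resolving_list()` is declared to return `ble_error_t` but its new body ends without a `return`, which is undefined behaviour in C++. It also dereferences `_db` without the `if (!_db)` guard that `init_signing()` uses, and silently does nothing when the `nothrow` allocation fails. Both call sites, in `init()` and `setDatabaseFilepath()`, ignore the result, so a failure to populate the resolving list from the stored IRKs would go unnoticed. Separately, as rendered here the new `setDatabaseFilepath()` calls `init_database(db_path)` twice in a row, which deletes and re-creates the database it has just opened; the second call and its check look like a leftover. A sketch of the first fix follows.

```cpp
ble_error_t GenericSecurityManager::init_resolving_list() {
    if (!_db) return BLE_ERROR_INITIALIZATION_INCOMPLETE;

    // … unchanged: read_resolving_list_capacity() and nothrow allocation of identity_list_p …

    if (!identity_list_p) {
        return BLE_ERROR_NO_MEM;
    }

    // … unchanged: ArrayView construction and _db->get_identity_list(...) call …

    return BLE_ERROR_NONE;
}
```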