ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #13942 from paul-szczepanek-arm/securitydb-fix 

ble: Fix persistence in SecurityDB
pull/13969/head
Martin Kojtal 2020-11-26 11:17:28 +00:00 committed by GitHub
parent 66ca70af94 e71f452e9d
commit dd432a387e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
connectivity/FEATURE_BLE/source/generic/KVStoreSecurityDb.cpp
View File

@ -26,8 +26,6 @@ namespace ble {
#error "BLE_SECURITY_DATABASE_MAX_ENTRIES must be only one digit long"
#endif
#define ENTRY_INVALID (0xFF)
constexpr uint8_t KVStoreSecurityDb::KVSTORESECURITYDB_VERSION;
constexpr size_t KVStoreSecurityDb::DB_PREFIX_SIZE;
constexpr size_t KVStoreSecurityDb::DB_KEY_SIZE;
@ -54,9 +52,6 @@ typedef SecurityDb::entry_handle_t entry_handle_t;
KVStoreSecurityDb::KVStoreSecurityDb()
: SecurityDb() {
memset(_entries, 0, sizeof(_entries));
for (size_t i = 0; i < get_entry_count(); i++) {
_entries[i].index = ENTRY_INVALID;
}
}
KVStoreSecurityDb::~KVStoreSecurityDb()
@ -95,7 +90,7 @@ bool KVStoreSecurityDb::erase_db()
/* we zero the database and make sure we can fit all our keys */
db_write(zero.entries, DB_ENTRIES);
db_write(&zero.entries, DB_ENTRIES);
db_write((SecurityEntryIdentity_t*)zero.buffer, DB_LOCAL_IDENTITY);
db_write((csrk_t*)zero.buffer, DB_LOCAL_CSRK);
db_write((sign_count_t*)zero.buffer, DB_LOCAL_SIGN_COUNT);
@ -144,7 +139,7 @@ void KVStoreSecurityDb::set_entry_local_ltk(
SecurityEntryKeys_t* current_entry = read_in_entry_local_keys(db_handle);
current_entry->ltk = ltk;
db_write_entry(current_entry, DB_ENTRY_LOCAL_KEYS, entry->index);
db_write_entry(current_entry, DB_ENTRY_LOCAL_KEYS, get_index(entry));
}
void KVStoreSecurityDb::set_entry_local_ediv_rand(
@ -162,7 +157,7 @@ void KVStoreSecurityDb::set_entry_local_ediv_rand(
current_entry->ediv = ediv;
current_entry->rand = rand;
db_write_entry(current_entry, DB_ENTRY_LOCAL_KEYS, entry->index);
db_write_entry(current_entry, DB_ENTRY_LOCAL_KEYS, get_index(entry));
}
/* peer's keys */
@ -184,7 +179,7 @@ void KVStoreSecurityDb::set_entry_peer_ltk(
SecurityEntryKeys_t* current_entry = read_in_entry_peer_keys(db_handle);
current_entry->ltk = ltk;
db_write_entry(current_entry, DB_ENTRY_PEER_KEYS, entry->index);
db_write_entry(current_entry, DB_ENTRY_PEER_KEYS, get_index(entry));
}
void KVStoreSecurityDb::set_entry_peer_ediv_rand(
@ -202,7 +197,7 @@ void KVStoreSecurityDb::set_entry_peer_ediv_rand(
current_entry->ediv = ediv;
current_entry->rand = rand;
db_write_entry(current_entry, DB_ENTRY_PEER_KEYS, entry->index);
db_write_entry(current_entry, DB_ENTRY_PEER_KEYS, get_index(entry));
}
void KVStoreSecurityDb::set_entry_peer_irk(
@ -220,7 +215,7 @@ void KVStoreSecurityDb::set_entry_peer_irk(
SecurityEntryIdentity_t* current_entry = read_in_entry_peer_identity(db_handle);
current_entry->irk = irk;
db_write_entry(current_entry, DB_ENTRY_PEER_IDENTITY, entry->index);
db_write_entry(current_entry, DB_ENTRY_PEER_IDENTITY, get_index(entry));
}
void KVStoreSecurityDb::set_entry_peer_bdaddr(
@ -238,7 +233,7 @@ void KVStoreSecurityDb::set_entry_peer_bdaddr(
current_entry->identity_address = peer_address;
current_entry->identity_address_is_public = address_is_public;
db_write_entry(current_entry, DB_ENTRY_PEER_IDENTITY, entry->index);
db_write_entry(current_entry, DB_ENTRY_PEER_IDENTITY, get_index(entry));
}
void KVStoreSecurityDb::set_entry_peer_csrk(
@ -256,7 +251,7 @@ void KVStoreSecurityDb::set_entry_peer_csrk(
SecurityEntrySigning_t* current_entry = read_in_entry_peer_signing(db_handle);
current_entry->csrk = csrk;
db_write_entry(current_entry, DB_ENTRY_PEER_SIGNING, entry->index);
db_write_entry(current_entry, DB_ENTRY_PEER_SIGNING, get_index(entry));
}
void KVStoreSecurityDb::set_entry_peer_sign_counter(
@ -349,16 +344,12 @@ void KVStoreSecurityDb::reset_entry(entry_handle_t db_handle)
return;
}
if (entry->index != ENTRY_INVALID) {
uint8_t zero_buffer[sizeof(SecurityEntryKeys_t)] = {0};
uint8_t zero_buffer[sizeof(SecurityEntryKeys_t)] = {0};
db_write_entry((SecurityEntryKeys_t*)zero_buffer, DB_ENTRY_LOCAL_KEYS, entry->index);
db_write_entry((SecurityEntryIdentity_t*)zero_buffer, DB_ENTRY_PEER_IDENTITY, entry->index);
db_write_entry((SecurityEntryKeys_t*)zero_buffer, DB_ENTRY_PEER_KEYS, entry->index);
db_write_entry((SecurityEntrySigning_t*)zero_buffer, DB_ENTRY_PEER_SIGNING, entry->index);
entry->index = ENTRY_INVALID;
}
db_write_entry((SecurityEntryKeys_t*)zero_buffer, DB_ENTRY_LOCAL_KEYS, get_index(entry));
db_write_entry((SecurityEntryIdentity_t*)zero_buffer, DB_ENTRY_PEER_IDENTITY, get_index(entry));
db_write_entry((SecurityEntryKeys_t*)zero_buffer, DB_ENTRY_PEER_KEYS, get_index(entry));
db_write_entry((SecurityEntrySigning_t*)zero_buffer, DB_ENTRY_PEER_SIGNING, get_index(entry));
entry->flags = SecurityDistributionFlags_t();
entry->peer_sign_counter = 0;
@ -372,7 +363,7 @@ SecurityEntryIdentity_t* KVStoreSecurityDb::read_in_entry_peer_identity(entry_ha
}
SecurityEntryIdentity_t* identity = reinterpret_cast<SecurityEntryIdentity_t*>(_buffer);
db_read_entry(identity, DB_ENTRY_PEER_IDENTITY, entry->index);
db_read_entry(identity, DB_ENTRY_PEER_IDENTITY, get_index(entry));
return identity;
};
@ -385,7 +376,7 @@ SecurityEntryKeys_t* KVStoreSecurityDb::read_in_entry_peer_keys(entry_handle_t d
}
SecurityEntryKeys_t* keys = reinterpret_cast<SecurityEntryKeys_t*>(_buffer);
db_read_entry(keys, DB_ENTRY_PEER_KEYS, entry->index);
db_read_entry(keys, DB_ENTRY_PEER_KEYS, get_index(entry));
return keys;
};
@ -398,7 +389,7 @@ SecurityEntryKeys_t* KVStoreSecurityDb::read_in_entry_local_keys(entry_handle_t
}
SecurityEntryKeys_t* keys = reinterpret_cast<SecurityEntryKeys_t*>(_buffer);
db_read_entry(keys, DB_ENTRY_LOCAL_KEYS, entry->index);
db_read_entry(keys, DB_ENTRY_LOCAL_KEYS, get_index(entry));
return keys;
};
@ -412,7 +403,7 @@ SecurityEntrySigning_t* KVStoreSecurityDb::read_in_entry_peer_signing(entry_hand
/* only read in the csrk */
csrk_t* csrk = reinterpret_cast<csrk_t*>(_buffer);
db_read_entry(csrk, DB_ENTRY_PEER_SIGNING, entry->index);
db_read_entry(csrk, DB_ENTRY_PEER_SIGNING,get_index(entry));
/* use the counter held in memory */

6
connectivity/FEATURE_BLE/source/generic/KVStoreSecurityDb.h
View File

@ -38,7 +38,6 @@ private:
struct entry_t {
SecurityDistributionFlags_t flags;
sign_count_t peer_sign_counter;
uint8_t index;
};
static constexpr uint8_t KVSTORESECURITYDB_VERSION = 1;
@ -228,6 +227,11 @@ private:
private:
entry_t _entries[BLE_SECURITY_DATABASE_MAX_ENTRIES];
uint8_t _buffer[sizeof(SecurityEntryKeys_t)];
uint8_t get_index(entry_t *entry)
{
return entry - _entries;
}
};
} /* namespace ble */

13
connectivity/FEATURE_BLE/source/generic/SecurityDb.h
View File

@ -181,10 +181,21 @@ public:
entry_handle_t correct_handle = find_entry_by_peer_ediv_rand(ediv, rand);
if (!correct_handle) {
cb(*db_handle, NULL);
return;
}
// Note: keys should never be null as a matching entry has been retrieved
SecurityEntryKeys_t* keys = read_in_entry_local_keys(correct_handle);
MBED_ASSERT(keys);
/* set flags connected */
SecurityDistributionFlags_t* flags = get_distribution_flags(correct_handle);
flags->connected = true;
/* update peer address */
SecurityDistributionFlags_t* old_flags = get_distribution_flags(*db_handle);
flags->peer_address = old_flags->peer_address;
flags->peer_address_is_public = old_flags->peer_address_is_public;
close_entry(*db_handle, false);
*db_handle = correct_handle;
cb(*db_handle, keys);
@ -494,6 +505,7 @@ public:
) {
entry_handle_t db_handle = find_entry_by_peer_address(peer_address_type, peer_address);
if (db_handle) {
((SecurityDistributionFlags_t*)db_handle)->connected = true;
return db_handle;
}
@ -507,6 +519,7 @@ public:
* by identity address */
flags->peer_address = peer_address;
flags->peer_address_is_public = peer_address_public;
flags->connected = true;
return flags;
}