ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
18,899 Commits
52 Branches
336 Tags
624 MiB
Commit Graph

917 Commits (e7cd6ae2a98d7b24cf30072eef07b66740aa85bc)

Author SHA1 Message Date
Andrew Leech cfd248ee05 Enable ASSERTS's in nrf sdk to catch coding errors. 
These will now flow through to mbed standard error handling.
 2018-05-22 11:36:30 +10:00
Vincent Coubard fb9e0dcbe7 BLE: Fix resolvable private address identification. 2018-05-21 15:30:19 +01:00
Vincent Coubard b973a8a490 BLE: Add default constructor to peer_address_type_t 2018-05-21 15:29:54 +01:00
Vincent Coubard bdad5d6496 BLE Generic: Handle peer address type backward compatibility. 2018-05-21 13:29:06 +01:00
Vincent Coubard cc286fe84c BLE: Cordio pal: Handle enhanced connection events. 2018-05-21 13:22:53 +01:00
Vincent Coubard cbba6dd0d6 BLE PAL: Update connection event to support enhanced connection events. 2018-05-21 13:22:31 +01:00
Vincent Coubard 57ffa14b4b Nordic BLE: Backport privacy backward compatibility to NRF51 2018-05-21 13:21:46 +01:00
paul-szczepanek-arm 62ba220100 doxygen fix 2018-05-21 11:42:32 +01:00
paul-szczepanek-arm 17e8ed9401 forward resolving list init 2018-05-21 11:34:40 +01:00
Vincent Coubard 14a1095c31 Nordic BLE: Disable secure connection support on NRF51. 2018-05-21 10:34:09 +01:00
Vincent Coubard 4c1a309117 Nordic BLE: Set own resolvable address to NULL. 
This address is not accessible to the application.
 2018-05-21 10:22:01 +01:00
Vincent Coubard d962fc0174 BLE: factor code in GAP. 2018-05-21 10:20:43 +01:00
Vincent Coubard 28766bd873 BLE: Do not pass peer resolvable address in connection event handler 2018-05-21 10:17:44 +01:00
paul-szczepanek-arm cd9f12ab45 return error codes 2018-05-18 13:59:30 +01:00
paul-szczepanek-arm ace491d430 remove duplicate call 2018-05-18 13:54:15 +01:00
paul-szczepanek-arm 9da64e529e refactor into separate functions for readability and correctness of pal matching db 2018-05-18 13:46:55 +01:00
paul-szczepanek-arm 439d002f7d new API call to change db at runtime 2018-05-18 12:34:52 +01:00
paul-szczepanek-arm 608ad338e8 return error when not initialised 2018-05-18 10:24:16 +01:00
Vincent Coubard c3bcd10cfd BLE NRF52: Implement features related to peer_address_t 
The overload of Gap::connect that accept peer_address_t has been added and gap connection and advertising report process have been updated to exploit peer_address_t in a backward compatible fashion.
 2018-05-18 10:09:07 +01:00
Vincent Coubard d361960aa3 BLE: Use peer_address_type_t instead of the legacy address in security manager. 2018-05-18 10:04:27 +01:00
paul-szczepanek-arm a8ac925b4f privacy doxygen overview 2018-05-17 16:48:49 +01:00
paul-szczepanek-arm 7e69444458 security manager doxygen overview updated 2018-05-17 14:10:57 +01:00
Vincent Coubard a052afdd40 BLE: Update APIs to take advantage of ble::peer_address_type_t 
Deprecation:

* Gap::AdvertisementCallback::addressType has been deprecated in favor of Gap::AdvertisementCallback::peerAddrType.
* Gap::ConnectionCallbackParams::peerAddrType has been deprecated in favor of Gap::ConnectionCallbackParams::peerAddressType.
* Gap::ConnectionCallbackParams::ownAddr has been deprecated in favor of nothing else as this information may be not available.

Overloads added to accept a peer_address_t:

* Gap::connect
* Gap::processConnectionEvent
* Gap::processAdvertisingReport
 2018-05-17 13:27:15 +01:00
Vincent Coubard 0eb680a08b GenericGap: Revert changes introduced to accomodate privacy. 2018-05-17 10:56:29 +01:00
Vincent Coubard 7f05fc0e00 BLE: Define peer_address_type_t 
This type model a peer address, unlike BLEProtocol::AddressType, it is compatible with privacy concepts.
 2018-05-17 10:30:24 +01:00
Vincent Coubard e5d91932fd BLE: Revert address type changes. 
The changes made to BLEProtocol::AddressType was not entirelly backward compatible as BLEProtocol::AddressType split random addresses in three category while the type RANDOM is a superset of these types.
 2018-05-17 10:26:04 +01:00
paul-szczepanek-arm b845a9dc95 fixed doxygen 2018-05-16 17:24:17 +01:00
paul-szczepanek-arm 57a02d6329 fixed signature 2018-05-16 16:54:47 +01:00
Vincent Coubard 37c036ca6b Nordic: Port privacy to softdevice v4. 
Many things have changed; the identity list isn't shared anymore with the whitelist and resolution is handled by the stack itself.
 2018-05-16 16:16:06 +01:00
Vincent Coubard 6c44a78166 Merge branch 'master' of https://github.com/ARMmbed/mbed-os into security-manager-dev 2018-05-16 15:55:15 +01:00
Donatien Garnier ad09ba0dcc Fix handling of security escalation in on_connection_complete() 2018-05-16 13:54:25 +01:00
Donatien Garnier 3f7a7a4213 Merge 2018-05-16 12:44:36 +01:00
Donatien Garnier 7ef7ef553c Fix is_random_xxx_address() functions in GenericGap that I had broken :) 2018-05-16 12:04:04 +01:00
Donatien Garnier 1fdb57e82c Removed set_privacy() API and added is_privacy_supported() check to PAL + Generic GAP 2018-05-16 12:02:21 +01:00
paul-szczepanek-arm 1ae13bc80f don't reset db on security manager reset as the docs require 2018-05-16 11:46:36 +01:00
paul-szczepanek-arm bcca75973e reseting the security db 2018-05-16 11:23:17 +01:00
paul-szczepanek-arm c2bbc94b44 handle init of an already initialised security db 2018-05-16 11:01:37 +01:00
Vincent Coubard afcbdfc7dc Merge branch 'security-manager-dev' of https://github.com/paul-szczepanek-arm/mbed-os into filedb 2018-05-16 08:43:52 +01:00
Donatien Garnier 288c3952d8 Address Paul's comments 2018-05-15 18:37:50 +01:00
paul-szczepanek-arm 5c598688e4 templates for reading and writing to avoid repetition 2018-05-15 16:35:54 +01:00
Vincent Coubard 2cb6e659a9 Nordic BLE: Backport security fixes from nRF5 to nRF5x 2018-05-15 15:11:33 +01:00
Vincent Coubard ca5a9f359a Nordic BLE: remove unecessary nordic ble libraries. 2018-05-15 14:51:19 +01:00
Vincent Coubard a22b4e5d5e Nordic BLE: Remove nordic gap init. 
This initialization is already done in GattServer.
 2018-05-15 14:51:18 +01:00
Vincent Coubard dd6a5350e2 Nordic BLE: Remove peer manager handling. 2018-05-15 14:51:18 +01:00
Vincent Coubard 6f24078507 Nordic BLE: route event handling correctly. 2018-05-15 14:51:18 +01:00
Vincent Coubard 167a660ac1 Nordic BLE: use pal security manager. 2018-05-15 14:51:18 +01:00
Vincent Coubard 31f8cd18f7 Nordic BLE: Backport Gap from nRF5 2018-05-15 14:51:18 +01:00
Vincent Coubard 39396955a2 Nordic BLE: simplify whitelist management. 2018-05-15 14:51:17 +01:00
Vincent Coubard 6810c02606 Nordic BLE: Fix processing of events. 
If new events are signaled during processing then they should be processed when processEvent is called again. The goal is to let other processing happen and not process sollely ble events.
 2018-05-15 14:51:17 +01:00
Vincent Coubard 8fbecf2e0d Nordic BLE: Fix incorrect assignement 2018-05-15 14:51:17 +01:00
Vincent Coubard 68b3288ba8 Nordic BLE: Fix signature of nRF5xGattServer::hwCallback 2018-05-15 14:51:17 +01:00
Vincent Coubard 4a7c9a9a55 Nordic BLE: expose publically btle_handler 2018-05-15 14:51:17 +01:00
Vincent Coubard 2af5508c4c Nordic BLE: Do not conditionnaly assign sm key pointers. 
This change has been forced by a change in latest softdevice that requires all key pointers to not be NULL unlike what is indicated in the documentation.
 2018-05-15 14:51:17 +01:00
Vincent Coubard dc54da0a2d Nordic BLE: Force signing and link requirements to false. 2018-05-15 14:51:16 +01:00
Vincent Coubard 02e3c13d25 Nordic BLE: Protect event signaled flag. 2018-05-15 14:51:16 +01:00
Vincent Coubard f7f1272647 Nordic: Backport security manager pal for NRF5X targets. 2018-05-15 14:51:15 +01:00
Vincent Coubard 4acb3937e4 Cordio BLE: Fix potential memory leak in GattServer. 2018-05-15 14:32:29 +01:00
Vincent Coubard ee720f30bb BLE: Comment security requirement elevation for signed writes. 2018-05-15 12:17:59 +01:00
Vincent Coubard 2c7ed993ec BLE: Fix security requirements in GattCharacteristic. 2018-05-15 12:17:34 +01:00
Vincent Coubard 2860365a3c BLE: Improve readibility of condition. 2018-05-15 12:16:51 +01:00
paul-szczepanek-arm 49db7e2a2a restoring db file blanks file if set to not restore, allow reusing the db 2018-05-15 11:46:39 +01:00
paul-szczepanek-arm f8244a3d87 review comments, init partly moved to restore, restore setting enabled, null check on filepath 2018-05-15 10:24:59 +01:00
Donatien Garnier 6c6af1b0d5 Added missing masks and fixed bit ordering in is_random_xx_address() functions 2018-05-14 13:59:32 +01:00
Donatien Garnier d8b63fc03d Reordered initializers in GenericGap 2018-05-14 13:53:50 +01:00
Donatien Garnier 67ec6323fc Added update_random_address() implementation in GenericGap 2018-05-14 13:52:29 +01:00
Donatien Garnier 3523cdb264 Missing initializer in GenericGap 2018-05-14 13:37:37 +01:00
Donatien Garnier 472d3de849 Give GenericGap access to the Security Manager's PAL 2018-05-14 13:36:02 +01:00
Donatien Garnier a3d9d6cebd Business logic for handling non-resolvable private addresses 2018-05-14 13:26:39 +01:00
Bartek Szatkowski 38df9306d7 Update wsf_types.h to support updated CMSIS 2018-05-14 12:18:21 +01:00
paul-szczepanek-arm 579cb5e222 avoid setting flags twice 2018-05-14 10:26:44 +01:00
paul-szczepanek-arm f4f3a3c697 store ltk and csrk but not irk sent status 
and missing asserts
 2018-05-14 09:52:49 +01:00
paul-szczepanek-arm a7f8d54761 more doxygen 2018-05-13 23:54:44 +01:00
paul-szczepanek-arm d3524e2407 doxygen 2018-05-13 23:49:44 +01:00
paul-szczepanek-arm 8f90875cd6 reset entry now remove old keys 2018-05-13 23:49:27 +01:00
paul-szczepanek-arm 23c6a69d66 key dist flags only in db now and not in control block of sec manager 2018-05-13 23:26:34 +01:00
Donatien Garnier 69e35c49c8 Handle resolution policy for peripheral in GenericGap 2018-05-13 23:25:52 +01:00
paul-szczepanek-arm ab117737fa write back counter, sync entry by hand;e 2018-05-13 22:55:47 +01:00
Donatien Garnier 21471bb3c9 and make sure it compiles and that policy is only applied if privacy is enabled :) 2018-05-13 22:42:11 +01:00
Donatien Garnier 926efa4018 Filter out advertising reports for unresolved addresses if required 2018-05-13 22:37:59 +01:00
Donatien Garnier 6a2ffaeac0 Update own address type generation in GenericGap 2018-05-13 22:16:08 +01:00
Donatien Garnier 620ebc3f9a Some fixes in GenericGap 2018-05-13 20:38:29 +01:00
Donatien Garnier 2509a88d58 Revert set_privacy() in Cordio GAP PAL impl 2018-05-13 20:37:14 +01:00
Donatien Garnier 1a623e6670 Added method to enable/disable privacy in GAP Pal with Cordio impl 2018-05-13 19:15:20 +01:00
Donatien Garnier 4c5e2a8094 Added method to update resolution settings in GenericGap 2018-05-13 19:14:56 +01:00
Donatien Garnier cf03d40909 Doc fix in PalGap.h 2018-05-13 18:54:11 +01:00
Donatien Garnier 5734fca195 Added set_address_resolution method in GAP Pal with Cordio implementation 2018-05-13 18:53:23 +01:00
Donatien Garnier 7b4a813aca Added stubs in GenericGap for privacy configuration methods 2018-05-13 18:52:54 +01:00
Donatien Garnier e9ad148db0 Added privacy-related methods overrides in GenericGap 2018-05-13 17:57:27 +01:00
Donatien Garnier 33c46f5658 Remove LL resolving 'shorcut' when adding a device to resolving list - this should be controlled by the GAP layer 2018-05-13 17:49:00 +01:00
Cruz Monrreal 2104d8ab5b
Merge pull request #6711 from marcuschangarm/cleanup-nrf5x 
Cleanup TARGET_NRF5 and TARGET_NRF5x
 2018-05-11 19:15:05 -05:00
paul-szczepanek-arm 3af4d0b50f get identity list function argument needs to have its own memory allocated 2018-05-11 19:52:12 +01:00
paul-szczepanek-arm a63f38e767 moved logic to security db and left storage in memory and file dbs 
db created at init now
 2018-05-11 19:41:33 +01:00
Donatien Garnier 40b6813dcf Fix wrong use of DmLlPrivEnabled() 2018-05-11 18:52:27 +01:00
Donatien Garnier 71bd30daf3 More inline doc 2018-05-11 18:37:02 +01:00
Donatien Garnier bcfbeb7f1a Some doc adjustments 2018-05-11 18:23:37 +01:00
Donatien Garnier 3ca3c2db2c Initial implementation of the Security Manager's Privacy feature for Cordio 2018-05-11 18:20:39 +01:00
paul-szczepanek-arm 678d494c5a init _db pointer 2018-05-11 10:20:04 +01:00
paul-szczepanek-arm afa4bdcf1a pull common logic into secure db 2018-05-11 10:19:48 +01:00
Vincent Coubard 40a403e99b Merge branch 'security-manager-dev' of https://github.com/paul-szczepanek-arm/mbed-os into fix-encryption-rejection 2018-05-10 12:05:36 +01:00
paul-szczepanek-arm 473482d204 move securitydb into generic 2018-05-10 11:08:31 +01:00
Cruz Monrreal c97a8fb216
Merge pull request #6817 from pan-/fix-crypto_toolbox_f4-parameter-types 
GenericSecurityManager: Fix crypto_toolbox_f4 signature.
 2018-05-09 11:33:27 -05:00
Cruz Monrreal e33fb60c3d
Merge pull request #6849 from scartmell-arm/bug-critical-section-nordic 
Add missing semicolon to NRF51 critical_section implementation
 2018-05-09 11:33:10 -05:00
paul-szczepanek-arm b95da8d8c4 remove crypto when missing ECDH 2018-05-09 12:27:43 +01:00
Paul Szczepanek fee986750d
fix case 2018-05-09 12:19:35 +01:00
Paul Szczepanek b4d7bb6020
fix case 2018-05-09 12:19:27 +01:00
Paul Szczepanek 37b11d8ac5
fix case 2018-05-09 12:18:55 +01:00
Paul Szczepanek 367fe345ba
fix case 2018-05-09 12:18:42 +01:00
Paul Szczepanek 79b3bc4fce
fix case 2018-05-09 12:18:26 +01:00
paul-szczepanek-arm b98ffa48da fix uppercase X in nrf5x 2018-05-09 12:16:26 +01:00
paul-szczepanek-arm 6a26a8a6c8 Merge branch 'security-manager-dev' of https://github.com/paul-szczepanek-arm/mbed-os into security-manager-dev 2018-05-09 11:37:41 +01:00
paul-szczepanek-arm c02b318436 fixed case in filename 2018-05-09 11:37:33 +01:00
Paul Szczepanek 2b02148ab6
Merge branch 'master' into security-manager-dev 2018-05-09 11:23:28 +01:00
paul-szczepanek-arm b8fe37a00e disable ECDH if the platform doesn't support it 
otherwise you get linker errors
 2018-05-09 11:01:10 +01:00
Steven Cartmell 1dfea4168f Add missing semicolon to NRF51 critical_section implementation 2018-05-09 10:54:26 +01:00
Marcus Chang 1aebdcbee5 Reorganize TARGET_MCU_NRF51822_UNIFIED directories 
The unified NRF51 target and feature BLE directories have been
reorganized to follow the naming and directory structure of the
NRF52 implementation.

This reorganization does not include TARGET_MCU_NRF51822 and
derived targets.
 2018-05-08 10:10:01 -07:00
Paul Szczepanek 9a0a0865a6
Merge branch 'security-manager-dev' into sm-privacy-nordic 2018-05-08 18:01:41 +01:00
Paul Szczepanek 214656a9ee
fix case in #include 2018-05-08 17:56:38 +01:00
Paul Szczepanek 1a35f3e217
fixed case in name 2018-05-08 17:49:22 +01:00
Cruz Monrreal adcd7ec002
Merge pull request #6742 from pan-/ble-update-cordio-porting-guide 
BLE: Update cordio porting guide
 2018-05-08 10:42:19 -05:00
Cruz Monrreal 5b5c8ddb4e
Merge pull request #6743 from pan-/ble-cordio-h4-conditionnal-to-fc 
BLE: Conditional compilation of H4 driver
 2018-05-08 10:41:58 -05:00
Vincent Coubard 565921608e Cordio: Improve cordio H4 driver. 
Ommit H4 driver definition if serial flow control is not supported.
 2018-05-04 16:36:05 +01:00
Vincent Coubard 34c9206054 BLE: update cordio porting guide. 
Improve description of the requirements of the H4 driver.
 2018-05-04 16:35:57 +01:00
Vincent Coubard 3f9186faa2 GenericSecurityManager: Fix crypto_toolbox_f4 signature. 
The type exposed in the header file were not aligned to the one used in
the implementation: ble::public_key_t instead of ble::public_key_coord_t.
 2018-05-04 12:11:34 +01:00
Vincent Coubard fd5903c22d GenericGattClient: Fix discovery termination. 
The procedure should be terminated whenever the server returns an error not equal
to ATTRIBUTE_NOT_FOUND. The block was effectivelly terminated but the
procedure was not. As a result the discovery was operating on already
freed memory.
 2018-05-04 11:30:58 +01:00
Vincent Coubard b5e8d4eacb Merge branch 'security-manager-dev' of https://github.com/paul-szczepanek-arm/mbed-os into fix-encryption-rejection 2018-05-03 09:26:36 +01:00
Vincent Coubard 0a59e00b23 Nordic BLE: Update GATT server security management 
This patch refines permission applied to characteristic and descriptors; instead of a single level of permission , each characteristic receives a permission for the read operation, one for the write operation and another one for the update operation.

As a consequence, updates are not sent if the link does not cover the update permission requirement.

Descriptors also benefits individually from read and write permission.
 2018-05-02 19:15:24 +01:00
Vincent Coubard 4f1e574eff Cordio GattServer: Fix uses of designated initializer. 
These are not legal in C++ code.
 2018-05-02 18:14:54 +01:00
Vincent Coubard 7e043ead96 Nordic BLE: Add stub implementation of remove_peer_csrk in security manager. 2018-05-02 17:52:39 +01:00
Vincent Coubard 4e5639f5ca BLE: Support encryption with secure connection key. 2018-05-02 17:51:48 +01:00
Donatien Garnier ba0f18c9ab Fix casing in MemorySecurityDb.h 2018-05-02 17:39:10 +01:00
Vincent Coubard f79eeb0173 Cordio: Update stack and pal to support LE security mode 2 level 2. 2018-05-02 14:32:38 +01:00
Vincent Coubard 01e3a004a6 Cordio: register server authorization callback. 2018-05-01 12:29:03 +01:00
Vincent Coubard 549a513dfb Cordio: Enable client and server signing 2018-05-01 12:28:37 +01:00
Vincent Coubard d0c4d7a8a3 Cordio: Forward server related events to CordioGattServer 2018-05-01 12:27:49 +01:00
Vincent Coubard 0f64b1c988 CordioGattServer: Global refactoring 
The registration process has been breaked down into several functions that register the service attribute, characteristic declaration attributes, characteristic value attributes and characteristic descriptors.

Service registration now consider all characteristics permissions: read, write and update. Permissions are also considered when updates needs to be propagated to peers.

Handling of user authorization is also a change introduced by this refactoring.
 2018-05-01 12:26:24 +01:00
Vincent Coubard 55eb7033b2 Generic Security Manager: Set csrk to stored when the peer csrk has been received. 2018-05-01 11:54:25 +01:00
Vincent Coubard 41a3442474 Generic Security Manager: Set ltk to stored when the peer ltk has been recveived. 2018-05-01 11:54:03 +01:00
Vincent Coubard f90eacfd27 Generic Security Manager: remove peer csrk at disconnection 2018-05-01 11:53:18 +01:00
Vincent Coubard 1ac95e105b ble - Generic Security Manager: set signing unconditionnal to role reversal. 
A peripheral can act as a GATT client whether it is in the peripheral role or the central role therefore it doesn't make sense to enable signing only if roles will be reversed latter.
 2018-05-01 11:50:59 +01:00
Vincent Coubard 9880db7543 Generic Security Manager: Improve formating 2018-05-01 11:48:22 +01:00
Vincent Coubard 2e3c7e8ab7 Generic Security Manager: Set LinkKey to false unconditionally. 
This key distribution flags is for dual mode devices; mbed does not support BR/EDR.
 2018-05-01 11:45:24 +01:00
Vincent Coubard e39bb4b92c BLE - GenericGattClient: Exploit ENCRYPTED_WITH_SC_AND_MITM encryption. 
IF link is encrypted, authenticated or authenticated with lesc then signed write must be transformed into regular write commands.
 2018-05-01 11:38:30 +01:00
Vincent Coubard 2da6fa3947 Cordio PAL security manager: Copy locally own CSRK 
The stack does not copy csrk when DmSecSetLocalCsrk is invoked; it just retains a pointer to it. Therefore a copy is kept inside the pal.
 2018-05-01 11:35:16 +01:00
Vincent Coubard e4813f4fe9 Cordio PAL Security Manager: Copy locally own IRK. 
The IRK needs to be stored somewhere as it is not copied inside the stack, the stack just keeps a reference to it.
 2018-05-01 11:33:36 +01:00
Vincent Coubard 2924bb4c86 Cordio PAL ATT Client: initialize the local sign counter to 0. 2018-05-01 11:29:45 +01:00
Vincent Coubard 74bc214961 BLE - Security Manager PAL: Add a function to remove the peer csrk. 
If the the upper layer has registered a peer csrk on the pal security manager then it must remove it once the connection is closed.

This API allows the upper layer to remove the peer csrk registered earlier.
 2018-05-01 11:27:38 +01:00
Vincent Coubard 1e277bad50 BLE: Lookup for non identity addresses when a secure entry is opened. 
A peer may not share a valid IRK and identity address during pairing (in that case the identity address received is all zeros). When this happens, the entry must be retrieved by looking at the address used by the peer during the connection.
 2018-05-01 11:24:44 +01:00
Vincent Coubard c4b78ada0e BLE: Set default mac address to 00:00:00:00:00:00 
Both mac addresses are invalid but the bluetooth specification prefers to use all 0 addresses to represent an invalid address.
 2018-05-01 11:17:47 +01:00
Vincent Coubard 80941af0f6 BLE: Add : LESC authenticated encryption to the list of possible link encryption. 2018-05-01 11:16:41 +01:00
Vincent Coubard db565d38b3 BLE: remove useless flags in GattCharacteristic. 2018-04-26 19:00:43 +01:00