xiaozhengsheng/HL-PDJ-1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
HL-PDJ-1/components/ble/peer_manager/security_dispatcher.c
xiaozhengsheng 6df0f7d96e 初始版本
2025-08-19 09:49:41 +08:00

1097 lines
37 KiB
C
Raw Blame History

/**
* Copyright (c) 2015 - 2020, Nordic Semiconductor ASA
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form, except as embedded into a Nordic
* Semiconductor ASA integrated circuit in a product or a software update for
* such product, must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution.
*
* 3. Neither the name of Nordic Semiconductor ASA nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* 4. This software, with or without modification, must only be used with a
* Nordic Semiconductor ASA integrated circuit.
*
* 5. Any software provided in binary form under this license must not be reverse
* engineered, decompiled, modified and/or disassembled.
*
* THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sdk_common.h"
#if NRF_MODULE_ENABLED(PEER_MANAGER)
#include "security_dispatcher.h"
#include <string.h>
#include "ble.h"
#include "ble_gap.h"
#include "ble_err.h"
#include "ble_conn_state.h"
#include "peer_manager_types.h"
#include "peer_data_storage.h"
#include "peer_database.h"
#include "id_manager.h"
#if PM_RA_PROTECTION_ENABLED
#include "auth_status_tracker.h"
#endif // PM_RA_PROTECTION_ENABLED
#define NRF_LOG_MODULE_NAME peer_manager_smd
#if PM_LOG_ENABLED
#define NRF_LOG_LEVEL PM_LOG_LEVEL
#define NRF_LOG_INFO_COLOR PM_LOG_INFO_COLOR
#define NRF_LOG_DEBUG_COLOR PM_LOG_DEBUG_COLOR
#else
#define NRF_LOG_LEVEL 0
#endif // PM_LOG_ENABLED
#include "nrf_log.h"
#include "nrf_log_ctrl.h"
NRF_LOG_MODULE_REGISTER();
#include "nrf_strerror.h"
#ifndef PM_CENTRAL_ENABLED
#define PM_CENTRAL_ENABLED 1
#endif
// The number of registered event handlers.
#define SMD_EVENT_HANDLERS_CNT (sizeof(m_evt_handlers) / sizeof(m_evt_handlers[0]))
STATIC_ASSERT((NRF_SDH_BLE_CENTRAL_LINK_COUNT == 0) || PM_CENTRAL_ENABLED,
"Peer Manager Central operation must be enabled when using central links.");
// Security Dispacher event handlers in Security Manager and GATT Cache Manager.
extern void sm_smd_evt_handler(pm_evt_t * p_event);
// Security Dispatcher events' handlers.
// The number of elements in this array is SMD_EVENT_HANDLERS_CNT.
static pm_evt_handler_internal_t const m_evt_handlers[] =
{
sm_smd_evt_handler
};
static bool m_module_initialized;
static ble_conn_state_user_flag_id_t m_flag_sec_proc = BLE_CONN_STATE_USER_FLAG_INVALID;
static ble_conn_state_user_flag_id_t m_flag_sec_proc_pairing = BLE_CONN_STATE_USER_FLAG_INVALID;
static ble_conn_state_user_flag_id_t m_flag_sec_proc_bonding = BLE_CONN_STATE_USER_FLAG_INVALID;
static ble_conn_state_user_flag_id_t m_flag_allow_repairing = BLE_CONN_STATE_USER_FLAG_INVALID;
static ble_gap_lesc_p256_pk_t m_peer_pk;
static __INLINE bool sec_procedure(uint16_t conn_handle)
{
return ble_conn_state_user_flag_get(conn_handle, m_flag_sec_proc);
}
static __INLINE bool pairing(uint16_t conn_handle)
{
return ble_conn_state_user_flag_get(conn_handle, m_flag_sec_proc_pairing);
}
static __INLINE bool bonding(uint16_t conn_handle)
{
return ble_conn_state_user_flag_get(conn_handle, m_flag_sec_proc_bonding);
}
static __INLINE bool allow_repairing(uint16_t conn_handle)
{
return ble_conn_state_user_flag_get(conn_handle, m_flag_allow_repairing);
}
/**@brief Function for sending an SMD event to all event handlers.
*
* @param[in] p_event The event to pass to all event handlers.
*/
static void evt_send(pm_evt_t * p_event)
{
p_event->peer_id = im_peer_id_get_by_conn_handle(p_event->conn_handle);
for (uint32_t i = 0; i < SMD_EVENT_HANDLERS_CNT; i++)
{
m_evt_handlers[i](p_event);
}
}
/**@brief Function for sending a PM_EVT_CONN_SEC_START event.
*
* @param[in] conn_handle The connection handle the event pertains to.
* @param[in] procedure The procedure that has started on the connection.
*/
static void sec_start_send(uint16_t conn_handle,
pm_conn_sec_procedure_t procedure)
{
pm_evt_t evt =
{
.evt_id = PM_EVT_CONN_SEC_START,
.conn_handle = conn_handle,
.params = {.conn_sec_start = {.procedure = procedure}}
};
evt_send(&evt);
}
/**@brief Function for sending a PM_EVT_ERROR_UNEXPECTED event.
*
* @param[in] conn_handle The connection handle the event pertains to.
* @param[in] err_code The unexpected error that occurred.
*/
static void send_unexpected_error(uint16_t conn_handle, ret_code_t err_code)
{
pm_evt_t error_evt =
{
.evt_id = PM_EVT_ERROR_UNEXPECTED,
.conn_handle = conn_handle,
.params =
{
.error_unexpected =
{
.error = err_code,
}
}
};
evt_send(&error_evt);
}
/**@brief Function for sending a PM_EVT_STORAGE_FULL event.
*
* @param[in] conn_handle The connection handle the event pertains to.
*/
static void send_storage_full_evt(uint16_t conn_handle)
{
pm_evt_t evt =
{
.evt_id = PM_EVT_STORAGE_FULL,
.conn_handle = conn_handle
};
evt_send(&evt);
}
/**@brief Function for cleaning up after a failed security procedure.
*
* @param[in] conn_handle The handle of the connection the security procedure happens on.
* @param[in] procedure The procedure that failed.
* @param[in] error The error the procedure failed with.
* @param[in] error_src The party that raised the error. See @ref BLE_GAP_SEC_STATUS_SOURCES.
*/
static void conn_sec_failure(uint16_t conn_handle,
pm_conn_sec_procedure_t procedure,
pm_sec_error_code_t error,
uint8_t error_src)
{
pm_evt_t evt =
{
.evt_id = PM_EVT_CONN_SEC_FAILED,
.conn_handle = conn_handle,
.params =
{
.conn_sec_failed =
{
.procedure = procedure,
.error = error,
.error_src = error_src,
}
}
};
ble_conn_state_user_flag_set(conn_handle, m_flag_sec_proc, false);
evt_send(&evt);
return;
}
/**@brief Function for cleaning up after a failed pairing procedure.
*
* @param[in] conn_handle The handle of the connection the pairing procedure happens on.
* @param[in] error The error the procedure failed with.
* @param[in] error_src The source of the error (local or remote). See @ref
* BLE_GAP_SEC_STATUS_SOURCES.
*/
static void pairing_failure(uint16_t conn_handle,
pm_sec_error_code_t error,
uint8_t error_src)
{
ret_code_t err_code = NRF_SUCCESS;
pm_conn_sec_procedure_t procedure = bonding(conn_handle) ? PM_CONN_SEC_PROCEDURE_BONDING
: PM_CONN_SEC_PROCEDURE_PAIRING;
err_code = pdb_write_buf_release(PDB_TEMP_PEER_ID(conn_handle), PM_PEER_DATA_ID_BONDING);
if ((err_code != NRF_SUCCESS) && (err_code != NRF_ERROR_NOT_FOUND /* No buffer was allocated */))
{
NRF_LOG_ERROR("Could not clean up after failed bonding procedure. "\
"pdb_write_buf_release() returned %s. conn_handle: %d.",
nrf_strerror_get(err_code),
conn_handle);
send_unexpected_error(conn_handle, err_code);
}
conn_sec_failure(conn_handle, procedure, error, error_src);
return;
}
/**@brief Function for cleaning up after a failed encryption procedure.
*
* @param[in] conn_handle The handle of the connection the encryption procedure happens on.
* @param[in] error The error the procedure failed with.
* @param[in] error_src The party that raised the error. See @ref BLE_GAP_SEC_STATUS_SOURCES.
*/
static __INLINE void encryption_failure(uint16_t conn_handle,
pm_sec_error_code_t error,
uint8_t error_src)
{
conn_sec_failure(conn_handle, PM_CONN_SEC_PROCEDURE_ENCRYPTION, error, error_src);
return;
}
/**@brief Function for possibly cleaning up after a failed pairing or encryption procedure.
*
* @param[in] conn_handle The handle of the connection the pairing procedure happens on.
* @param[in] error The error the procedure failed with.
* @param[in] error_src The party that raised the error. See @ref BLE_GAP_SEC_STATUS_SOURCES.
*/
static void link_secure_failure(uint16_t conn_handle,
pm_sec_error_code_t error,
uint8_t error_src)
{
if (sec_procedure(conn_handle))
{
if (pairing(conn_handle))
{
pairing_failure(conn_handle, error, error_src);
}
else
{
encryption_failure(conn_handle, error, error_src);
}
}
}
/**@brief Function for administrative actions to be taken when a security process has started.
*
* @param[in] conn_handle The connection the security process was attempted on.
* @param[in] success Whether the procedure was started successfully.
* @param[in] procedure The procedure that was started.
*/
static void sec_proc_start(uint16_t conn_handle,
bool success,
pm_conn_sec_procedure_t procedure)
{
ble_conn_state_user_flag_set(conn_handle, m_flag_sec_proc, success);
if (success)
{
ble_conn_state_user_flag_set(conn_handle,
m_flag_sec_proc_pairing,
(procedure != PM_CONN_SEC_PROCEDURE_ENCRYPTION));
ble_conn_state_user_flag_set(conn_handle,
m_flag_sec_proc_bonding,
(procedure == PM_CONN_SEC_PROCEDURE_BONDING));
sec_start_send(conn_handle, procedure);
}
}
#ifdef BLE_GAP_ROLE_PERIPH
/**@brief Function for processing the @ref BLE_GAP_EVT_SEC_INFO_REQUEST event from the SoftDevice.
*
* @param[in] p_gap_evt The event from the SoftDevice.
*/
static void sec_info_request_process(ble_gap_evt_t const * p_gap_evt)
{
ret_code_t err_code;
ble_gap_enc_info_t const * p_enc_info = NULL;
pm_peer_data_flash_t peer_data;
pm_peer_id_t peer_id = im_peer_id_get_by_master_id(
&p_gap_evt->params.sec_info_request.master_id);
if (peer_id == PM_PEER_ID_INVALID)
{
peer_id = im_peer_id_get_by_conn_handle(p_gap_evt->conn_handle);
}
else
{
// The peer might have been unrecognized until now (since connecting). E.g. if using a
// random non-resolvable advertising address. Report the discovered peer ID just in case.
im_new_peer_id(p_gap_evt->conn_handle, peer_id);
}
sec_proc_start(p_gap_evt->conn_handle, true, PM_CONN_SEC_PROCEDURE_ENCRYPTION);
if (peer_id != PM_PEER_ID_INVALID)
{
err_code = pdb_peer_data_ptr_get(peer_id, PM_PEER_DATA_ID_BONDING, &peer_data);
if (err_code == NRF_SUCCESS)
{
// There is stored bonding data for this peer.
ble_gap_enc_key_t const * p_existing_key = &peer_data.p_bonding_data->own_ltk;
if (p_gap_evt->params.sec_info_request.enc_info
&& (p_existing_key->enc_info.lesc
|| im_master_ids_compare(&p_existing_key->master_id,
&p_gap_evt->params.sec_info_request.master_id)))
{
p_enc_info = &p_existing_key->enc_info;
}
}
}
err_code = sd_ble_gap_sec_info_reply(p_gap_evt->conn_handle, p_enc_info, NULL, NULL);
if (err_code == NRF_ERROR_INVALID_STATE)
{
// Do nothing. If disconnecting, it will be caught later by the handling of the DISCONNECTED
// event. If there is no SEC_INFO_REQ pending, there is either a logic error, or the user
// is also calling sd_ble_gap_sec_info_reply(), but there is no way for the present code to
// detect which one is the case.
NRF_LOG_WARNING("sd_ble_gap_sec_info_reply() returned NRF_EROR_INVALID_STATE, which is an"\
"error unless the link is disconnecting.");
}
else if (err_code != NRF_SUCCESS)
{
NRF_LOG_ERROR("Could not complete encryption procedure. sd_ble_gap_sec_info_reply() "\
"returned %s. conn_handle: %d, peer_id: %d.",
nrf_strerror_get(err_code),
p_gap_evt->conn_handle,
peer_id);
send_unexpected_error(p_gap_evt->conn_handle, err_code);
}
else if (p_gap_evt->params.sec_info_request.enc_info && (p_enc_info == NULL))
{
encryption_failure(p_gap_evt->conn_handle,
PM_CONN_SEC_ERROR_PIN_OR_KEY_MISSING,
BLE_GAP_SEC_STATUS_SOURCE_LOCAL);
}
return;
}
#endif // BLE_GAP_ROLE_PERIPH
/**@brief Function for sending a CONFIG_REQ event.
*
* @param[in] conn_handle The connection the sec parameters are needed for.
*/
static void send_config_req(uint16_t conn_handle)
{
pm_evt_t evt;
memset(&evt, 0, sizeof(evt));
evt.evt_id = PM_EVT_CONN_SEC_CONFIG_REQ;
evt.conn_handle = conn_handle;
evt_send(&evt);
}
void smd_conn_sec_config_reply(uint16_t conn_handle, pm_conn_sec_config_t * p_conn_sec_config)
{
NRF_PM_DEBUG_CHECK(m_module_initialized);
NRF_PM_DEBUG_CHECK(p_conn_sec_config != NULL);
ble_conn_state_user_flag_set(conn_handle,
m_flag_allow_repairing,
p_conn_sec_config->allow_repairing);
}
/**@brief Function for processing the @ref BLE_GAP_EVT_DISCONNECT event from the SoftDevice.
*
* @param[in] p_gap_evt The event from the SoftDevice.
*/
static void disconnect_process(ble_gap_evt_t const * p_gap_evt)
{
pm_sec_error_code_t error = (p_gap_evt->params.disconnected.reason
== BLE_HCI_CONN_TERMINATED_DUE_TO_MIC_FAILURE)
? PM_CONN_SEC_ERROR_MIC_FAILURE : PM_CONN_SEC_ERROR_DISCONNECT;
link_secure_failure(p_gap_evt->conn_handle, error, BLE_GAP_SEC_STATUS_SOURCE_LOCAL);
}
/**@brief Function for sending a PARAMS_REQ event.
*
* @param[in] conn_handle The connection the security parameters are needed for.
* @param[in] p_peer_params The security parameters from the peer. Can be NULL if the peer's parameters
* are not yet available.
*/
static void send_params_req(uint16_t conn_handle, ble_gap_sec_params_t const * p_peer_params)
{
pm_evt_t evt =
{
.evt_id = PM_EVT_CONN_SEC_PARAMS_REQ,
.conn_handle = conn_handle,
.params =
{
.conn_sec_params_req =
{
.p_peer_params = p_peer_params
},
},
};
evt_send(&evt);
}
/**@brief Function for processing the @ref BLE_GAP_EVT_SEC_PARAMS_REQUEST event from the SoftDevice.
*
* @param[in] p_gap_evt The event from the SoftDevice.
*/
static void sec_params_request_process(ble_gap_evt_t const * p_gap_evt)
{
#ifdef BLE_GAP_ROLE_PERIPH
if (ble_conn_state_role(p_gap_evt->conn_handle) == BLE_GAP_ROLE_PERIPH)
{
sec_proc_start(p_gap_evt->conn_handle,
true,
p_gap_evt->params.sec_params_request.peer_params.bond
? PM_CONN_SEC_PROCEDURE_BONDING
: PM_CONN_SEC_PROCEDURE_PAIRING);
}
#endif // BLE_GAP_ROLE_PERIPH
send_params_req(p_gap_evt->conn_handle, &p_gap_evt->params.sec_params_request.peer_params);
return;
}
/**@brief Function for sending a Peer Manager event indicating that pairing has succeeded.
*
* @param[in] p_gap_evt The AUTH_STATUS event from the SoftDevice that triggered this.
* @param[in] data_stored Whether bonding data was stored.
*/
static void pairing_success_evt_send(ble_gap_evt_t const * p_gap_evt, bool data_stored)
{
pm_evt_t pairing_success_evt;
pairing_success_evt.evt_id = PM_EVT_CONN_SEC_SUCCEEDED;
pairing_success_evt.conn_handle = p_gap_evt->conn_handle;
pairing_success_evt.params.conn_sec_succeeded.procedure = p_gap_evt->params.auth_status.bonded
? PM_CONN_SEC_PROCEDURE_BONDING
: PM_CONN_SEC_PROCEDURE_PAIRING;
pairing_success_evt.params.conn_sec_succeeded.data_stored = data_stored;
evt_send(&pairing_success_evt);
}
/**@brief Function for processing the @ref BLE_GAP_EVT_AUTH_STATUS event from the SoftDevice, when
* the auth_status is success.
*
* @param[in] p_gap_evt The event from the SoftDevice.
*/
static void auth_status_success_process(ble_gap_evt_t const * p_gap_evt)
{
ret_code_t err_code;
uint16_t conn_handle = p_gap_evt->conn_handle;
pm_peer_id_t peer_id;
pm_peer_data_t peer_data;
bool new_peer_id = false;
ble_conn_state_user_flag_set(conn_handle, m_flag_sec_proc, false);
if (!p_gap_evt->params.auth_status.bonded)
{
pairing_success_evt_send(p_gap_evt, false);
return;
}
err_code = pdb_write_buf_get(PDB_TEMP_PEER_ID(conn_handle), PM_PEER_DATA_ID_BONDING, 1, &peer_data);
if (err_code != NRF_SUCCESS)
{
NRF_LOG_ERROR("RAM buffer for new bond was unavailable. pdb_write_buf_get() returned %s. conn_handle: %d.",
nrf_strerror_get(err_code),
conn_handle);
send_unexpected_error(conn_handle, err_code);
pairing_success_evt_send(p_gap_evt, false);
return;
}
peer_id = im_peer_id_get_by_conn_handle(conn_handle);
if (peer_id == PM_PEER_ID_INVALID)
{
peer_id = im_find_duplicate_bonding_data(peer_data.p_bonding_data, PM_PEER_ID_INVALID);
if (peer_id != PM_PEER_ID_INVALID)
{
// The peer has been identified as someone we have already bonded with.
im_new_peer_id(conn_handle, peer_id);
// If the flag is true, the configuration has been requested before.
if (!allow_repairing(conn_handle))
{
send_config_req(conn_handle);
if (!allow_repairing(conn_handle))
{
pairing_success_evt_send(p_gap_evt, false);
return;
}
}
}
}
if (peer_id == PM_PEER_ID_INVALID)
{
peer_id = pds_peer_id_allocate();
if (peer_id == PM_PEER_ID_INVALID)
{
NRF_LOG_ERROR("Could not allocate new peer_id for incoming bond.");
send_unexpected_error(conn_handle, NRF_ERROR_NO_MEM);
pairing_success_evt_send(p_gap_evt, false);
return;
}
im_new_peer_id(conn_handle, peer_id);
new_peer_id = true;
}
err_code = pdb_write_buf_store(PDB_TEMP_PEER_ID(conn_handle), PM_PEER_DATA_ID_BONDING, peer_id);
if (err_code == NRF_SUCCESS)
{
pairing_success_evt_send(p_gap_evt, true);
}
else if (err_code == NRF_ERROR_STORAGE_FULL)
{
send_storage_full_evt(conn_handle);
pairing_success_evt_send(p_gap_evt, true);
}
else
{
/* Unexpected error */
NRF_LOG_ERROR("Could not store bond. pdb_write_buf_store() returned %s. "\
"conn_handle: %d, peer_id: %d",
nrf_strerror_get(err_code),
conn_handle,
peer_id);
send_unexpected_error(conn_handle, err_code);
pairing_success_evt_send(p_gap_evt, false);
if (new_peer_id)
{
UNUSED_RETURN_VALUE(im_peer_free(peer_id)); // We are already in a bad state.
}
}
return;
}
/**@brief Function for processing the @ref BLE_GAP_EVT_AUTH_STATUS event from the SoftDevice, when
* the auth_status is failure.
*
* @param[in] p_gap_evt The event from the SoftDevice.
*/
static void auth_status_failure_process(ble_gap_evt_t const * p_gap_evt)
{
link_secure_failure(p_gap_evt->conn_handle,
p_gap_evt->params.auth_status.auth_status,
p_gap_evt->params.auth_status.error_src);
}
/**@brief Function for processing the @ref BLE_GAP_EVT_AUTH_STATUS event from the SoftDevice.
*
* @param[in] p_gap_evt The event from the SoftDevice.
*/
static void auth_status_process(ble_gap_evt_t const * p_gap_evt)
{
switch (p_gap_evt->params.auth_status.auth_status)
{
case BLE_GAP_SEC_STATUS_SUCCESS:
auth_status_success_process(p_gap_evt);
break;
default:
auth_status_failure_process(p_gap_evt);
#if PM_RA_PROTECTION_ENABLED
ast_auth_error_notify(p_gap_evt->conn_handle);
#endif // PM_RA_PROTECTION_ENABLED
break;
}
}
/**@brief Function for processing the @ref BLE_GAP_EVT_CONN_SEC_UPDATE event from the SoftDevice.
*
* @param[in] p_gap_evt The event from the SoftDevice.
*/
static void conn_sec_update_process(ble_gap_evt_t const * p_gap_evt)
{
if (!pairing(p_gap_evt->conn_handle))
{
// This is an encryption procedure (not pairing), so this event marks the end of the procedure.
if (!ble_conn_state_encrypted(p_gap_evt->conn_handle))
{
encryption_failure(p_gap_evt->conn_handle,
PM_CONN_SEC_ERROR_PIN_OR_KEY_MISSING,
BLE_GAP_SEC_STATUS_SOURCE_REMOTE);
}
else
{
ble_conn_state_user_flag_set(p_gap_evt->conn_handle, m_flag_sec_proc, false);
pm_evt_t evt;
evt.evt_id = PM_EVT_CONN_SEC_SUCCEEDED;
evt.conn_handle = p_gap_evt->conn_handle;
evt.params.conn_sec_succeeded.procedure = PM_CONN_SEC_PROCEDURE_ENCRYPTION;
evt.params.conn_sec_succeeded.data_stored = false;
evt_send(&evt);
}
}
}
/**@brief Funtion for initializing a BLE Connection State user flag.
*
* @param[out] flag_id The flag to initialize.
*/
static void flag_id_init(ble_conn_state_user_flag_id_t * p_flag_id)
{
if (*p_flag_id == BLE_CONN_STATE_USER_FLAG_INVALID)
{
*p_flag_id = ble_conn_state_user_flag_acquire();
}
}
ret_code_t smd_init(void)
{
NRF_PM_DEBUG_CHECK(!m_module_initialized);
flag_id_init(&m_flag_sec_proc);
flag_id_init(&m_flag_sec_proc_pairing);
flag_id_init(&m_flag_sec_proc_bonding);
flag_id_init(&m_flag_allow_repairing);
if ((m_flag_sec_proc == BLE_CONN_STATE_USER_FLAG_INVALID) ||
(m_flag_sec_proc_pairing == BLE_CONN_STATE_USER_FLAG_INVALID) ||
(m_flag_sec_proc_bonding == BLE_CONN_STATE_USER_FLAG_INVALID) ||
(m_flag_allow_repairing == BLE_CONN_STATE_USER_FLAG_INVALID))
{
NRF_LOG_ERROR("Could not acquire conn_state user flags. Increase "\
"BLE_CONN_STATE_USER_FLAG_COUNT in the ble_conn_state module.");
return NRF_ERROR_INTERNAL;
}
#if PM_RA_PROTECTION_ENABLED
ret_code_t err_code = ast_init();
if (err_code != NRF_SUCCESS)
{
return err_code;
}
#endif // PM_RA_PROTECTION_ENABLED
m_module_initialized = true;
return NRF_SUCCESS;
}
/**@brief Function for putting retrieving a buffer and putting pointers into a @ref ble_gap_sec_keyset_t.
*
* @param[in] conn_handle The connection the security procedure is happening on.
* @param[in] role Our role in the connection.
* @param[in] p_public_key Pointer to a buffer holding the public key, or NULL.
* @param[out] p_sec_keyset Pointer to the keyset to be filled.
*
* @retval NRF_SUCCESS Success.
* @retval NRF_ERROR_BUSY Could not process request at this time. Reattempt later.
* @retval NRF_ERROR_INVALID_PARAM Data ID or Peer ID was invalid or unallocated.
* @retval NRF_ERROR_INVALID_STATE The link is disconnected.
* @retval NRF_ERROR_INTERNAL Fatal error.
*/
static ret_code_t sec_keyset_fill(uint16_t conn_handle,
uint8_t role,
ble_gap_lesc_p256_pk_t * p_public_key,
ble_gap_sec_keyset_t * p_sec_keyset)
{
ret_code_t err_code;
pm_peer_data_t peer_data;
if (p_sec_keyset == NULL)
{
NRF_LOG_ERROR("Internal error: %s received NULL for p_sec_keyset.", __func__);
return NRF_ERROR_INTERNAL;
}
// Acquire a memory buffer to receive bonding data into.
err_code = pdb_write_buf_get(PDB_TEMP_PEER_ID(conn_handle), PM_PEER_DATA_ID_BONDING, 1, &peer_data);
if (err_code == NRF_ERROR_BUSY)
{
// No action.
}
else if (err_code != NRF_SUCCESS)
{
NRF_LOG_ERROR("Could not retrieve RAM buffer for incoming bond. pdb_write_buf_get() "\
"returned %s. conn_handle: %d",
nrf_strerror_get(err_code),
conn_handle);
err_code = NRF_ERROR_INTERNAL;
}
else /* if (err_code == NRF_SUCCESS) */
{
memset(peer_data.p_bonding_data, 0, sizeof(pm_peer_data_bonding_t));
peer_data.p_bonding_data->own_role = role;
p_sec_keyset->keys_own.p_enc_key = &peer_data.p_bonding_data->own_ltk;
p_sec_keyset->keys_own.p_pk = p_public_key;
p_sec_keyset->keys_peer.p_enc_key = &peer_data.p_bonding_data->peer_ltk;
p_sec_keyset->keys_peer.p_id_key = &peer_data.p_bonding_data->peer_ble_id;
p_sec_keyset->keys_peer.p_pk = &m_peer_pk;
// Retrieve the address the peer used during connection establishment.
// This address will be overwritten if ID is shared. Should not fail.
err_code = im_ble_addr_get(conn_handle, &peer_data.p_bonding_data->peer_ble_id.id_addr_info);
if (err_code != NRF_SUCCESS)
{
NRF_LOG_WARNING("im_ble_addr_get() returned %s. conn_handle: %d. Link was likely disconnected.",
nrf_strerror_get(err_code),
conn_handle);
return NRF_ERROR_INVALID_STATE;
}
}
return err_code;
}
ret_code_t smd_params_reply(uint16_t conn_handle,
ble_gap_sec_params_t * p_sec_params,
ble_gap_lesc_p256_pk_t * p_public_key)
{
NRF_PM_DEBUG_CHECK(m_module_initialized);
uint8_t role = ble_conn_state_role(conn_handle);
ret_code_t err_code = NRF_SUCCESS;
uint8_t sec_status = BLE_GAP_SEC_STATUS_SUCCESS;
ble_gap_sec_keyset_t sec_keyset;
memset(&sec_keyset, 0, sizeof(ble_gap_sec_keyset_t));
#ifdef BLE_GAP_ROLE_PERIPH
if (role == BLE_GAP_ROLE_PERIPH)
{
// Set the default value for allowing repairing at the start of the sec proc. (for peripheral)
ble_conn_state_user_flag_set(conn_handle, m_flag_allow_repairing, false);
}
#endif // BLE_GAP_ROLE_PERIPH
if (role == BLE_GAP_ROLE_INVALID)
{
return BLE_ERROR_INVALID_CONN_HANDLE;
}
#if PM_RA_PROTECTION_ENABLED
if (ast_peer_blacklisted(conn_handle)) //Check for repeated attempts here.
{
sec_status = BLE_GAP_SEC_STATUS_REPEATED_ATTEMPTS;
}
else
#endif // PM_RA_PROTECTION_ENABLED
if (p_sec_params == NULL)
{
// NULL params means reject pairing.
sec_status = BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP;
}
else
{
#ifdef BLE_GAP_ROLE_PERIPH
if ((im_peer_id_get_by_conn_handle(conn_handle) != PM_PEER_ID_INVALID) &&
(role == BLE_GAP_ROLE_PERIPH) &&
!allow_repairing(conn_handle))
{
// Bond already exists. Reject the pairing request if the user doesn't intervene.
send_config_req(conn_handle);
if (!allow_repairing(conn_handle))
{
// Reject pairing.
sec_status = BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP;
}
}
#endif // BLE_GAP_ROLE_PERIPH
if (!p_sec_params->bond)
{
// Pairing, no bonding.
sec_keyset.keys_own.p_pk = p_public_key;
sec_keyset.keys_peer.p_pk = &m_peer_pk;
}
else if (sec_status != BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP)
{
// Bonding is to be performed, prepare to receive bonding data.
err_code = sec_keyset_fill(conn_handle, role, p_public_key, &sec_keyset);
}
}
if (err_code == NRF_SUCCESS)
{
// Everything OK, reply to SoftDevice. If an error happened, the user is given an
// opportunity to change the parameters and retry the call.
ble_gap_sec_params_t * p_aux_sec_params = NULL;
#ifdef BLE_GAP_ROLE_PERIPH
p_aux_sec_params = (role == BLE_GAP_ROLE_PERIPH) ? p_sec_params : NULL;
#endif // BLE_GAP_ROLE_PERIPH
err_code = sd_ble_gap_sec_params_reply(conn_handle, sec_status, p_aux_sec_params, &sec_keyset);
}
return err_code;
}
/**@brief Function for initiating pairing as a central, or all security as a periheral.
*
* See @ref smd_link_secure and @ref sd_ble_gap_authenticate for more information.
*/
static ret_code_t link_secure_authenticate(uint16_t conn_handle,
ble_gap_sec_params_t * p_sec_params)
{
ret_code_t err_code = sd_ble_gap_authenticate(conn_handle, p_sec_params);
if (err_code == NRF_ERROR_NO_MEM)
{
// sd_ble_gap_authenticate() returned NRF_ERROR_NO_MEM. Too many other sec procedures running.
err_code = NRF_ERROR_BUSY;
}
return err_code;
}
#if PM_CENTRAL_ENABLED
/**@brief Function for initiating encryption as a central. See @ref smd_link_secure for more info.
*/
static ret_code_t link_secure_central_encryption(uint16_t conn_handle,
pm_peer_id_t peer_id)
{
pm_peer_data_flash_t peer_data;
ret_code_t err_code;
ble_gap_enc_key_t const * p_existing_key = NULL;
bool lesc = false;
err_code = pdb_peer_data_ptr_get(peer_id, PM_PEER_DATA_ID_BONDING, &peer_data);
if (err_code == NRF_SUCCESS)
{
// Use peer's key since they are peripheral.
p_existing_key = &(peer_data.p_bonding_data->peer_ltk);
lesc = peer_data.p_bonding_data->own_ltk.enc_info.lesc;
if (lesc) // LESC was used during bonding.
{
// For LESC, always use own key.
p_existing_key = &(peer_data.p_bonding_data->own_ltk);
}
}
if ((err_code != NRF_SUCCESS) && (err_code != NRF_ERROR_NOT_FOUND))
{
if (err_code != NRF_ERROR_BUSY)
{
NRF_LOG_ERROR("Could not retrieve stored bond. pdb_peer_data_ptr_get() returned %s. "\
"peer_id: %d",
nrf_strerror_get(err_code),
peer_id);
err_code = NRF_ERROR_INTERNAL;
}
}
else if (p_existing_key == NULL) /* There is no bonding data stored. This means that a bonding
procedure is in ongoing, or that the records in flash are
in a bad state. */
{
err_code = NRF_ERROR_BUSY;
}
else if (!lesc && !im_master_id_is_valid(&(p_existing_key->master_id))) /* There is no valid LTK stored. */
{
// No LTK to encrypt with.
err_code = NRF_ERROR_INVALID_DATA;
}
else
{
// Encrypt with existing LTK.
err_code = sd_ble_gap_encrypt(conn_handle,
&(p_existing_key->master_id),
&(p_existing_key->enc_info));
}
sec_proc_start(conn_handle, err_code == NRF_SUCCESS, PM_CONN_SEC_PROCEDURE_ENCRYPTION);
return err_code;
}
/**@brief Function for intiating security as a central. See @ref smd_link_secure for more info.
*/
static ret_code_t link_secure_central(uint16_t conn_handle,
ble_gap_sec_params_t * p_sec_params,
bool force_repairing)
{
ret_code_t err_code;
pm_peer_id_t peer_id;
if (p_sec_params == NULL)
{
return link_secure_authenticate(conn_handle, NULL);
}
// Set the default value for allowing repairing at the start of the sec proc. (for central)
ble_conn_state_user_flag_set(conn_handle, m_flag_allow_repairing, force_repairing);
peer_id = im_peer_id_get_by_conn_handle(conn_handle);
if ((peer_id != PM_PEER_ID_INVALID) && !force_repairing)
{
// There is already data in flash for this peer, and repairing has not been requested, so
// the link will be encrypted with the existing keys.
err_code = link_secure_central_encryption(conn_handle, peer_id);
}
else
{
// There are no existing keys, or repairing has been explicitly requested, so pairing
// (possibly including bonding) will be performed to encrypt the link.
err_code = link_secure_authenticate(conn_handle, p_sec_params);
pm_conn_sec_procedure_t procedure = (p_sec_params && p_sec_params->bond) ?
PM_CONN_SEC_PROCEDURE_BONDING :
PM_CONN_SEC_PROCEDURE_PAIRING;
sec_proc_start(conn_handle, err_code == NRF_SUCCESS, procedure);
}
return err_code;
}
/**@brief Function for processing the @ref BLE_GAP_EVT_SEC_REQUEST event from the SoftDevice.
*
* @param[in] p_gap_evt The event from the SoftDevice.
*/
static void sec_request_process(ble_gap_evt_t const * p_gap_evt)
{
if (sec_procedure(p_gap_evt->conn_handle))
{
// Ignore request as per spec.
return;
}
pm_evt_t evt =
{
.evt_id = PM_EVT_SLAVE_SECURITY_REQ,
.conn_handle = p_gap_evt->conn_handle
};
memcpy(&evt.params.slave_security_req, &p_gap_evt->params.sec_request, sizeof(ble_gap_evt_sec_request_t));
evt_send(&evt);
return;
}
#endif // PM_CENTRAL_ENABLED
#ifdef BLE_GAP_ROLE_PERIPH
/**@brief Function for asking the central to secure the link. See @ref smd_link_secure for more info.
*/
static ret_code_t link_secure_peripheral(uint16_t conn_handle, ble_gap_sec_params_t * p_sec_params)
{
ret_code_t err_code = NRF_SUCCESS;
if (p_sec_params != NULL)
{
err_code = link_secure_authenticate(conn_handle, p_sec_params);
}
return err_code;
}
#endif
ret_code_t smd_link_secure(uint16_t conn_handle,
ble_gap_sec_params_t * p_sec_params,
bool force_repairing)
{
NRF_PM_DEBUG_CHECK(m_module_initialized);
uint8_t role = ble_conn_state_role(conn_handle);
switch (role)
{
#if PM_CENTRAL_ENABLED
case BLE_GAP_ROLE_CENTRAL:
return link_secure_central(conn_handle, p_sec_params, force_repairing);
#endif
#ifdef BLE_GAP_ROLE_PERIPH
case BLE_GAP_ROLE_PERIPH:
return link_secure_peripheral(conn_handle, p_sec_params);
#endif // BLE_GAP_ROLE_PERIPH
default:
return BLE_ERROR_INVALID_CONN_HANDLE;
}
}
void smd_ble_evt_handler(ble_evt_t const * p_ble_evt)
{
switch (p_ble_evt->header.evt_id)
{
case BLE_GAP_EVT_DISCONNECTED:
disconnect_process(&(p_ble_evt->evt.gap_evt));
break;
case BLE_GAP_EVT_SEC_PARAMS_REQUEST:
sec_params_request_process(&(p_ble_evt->evt.gap_evt));
break;
#ifdef BLE_GAP_ROLE_PERIPH
case BLE_GAP_EVT_SEC_INFO_REQUEST:
sec_info_request_process(&(p_ble_evt->evt.gap_evt));
break;
#endif // BLE_GAP_ROLE_PERIPH
#if PM_CENTRAL_ENABLED
case BLE_GAP_EVT_SEC_REQUEST:
sec_request_process(&(p_ble_evt->evt.gap_evt));
break;
#endif
case BLE_GAP_EVT_AUTH_STATUS:
auth_status_process(&(p_ble_evt->evt.gap_evt));
break;
case BLE_GAP_EVT_CONN_SEC_UPDATE:
conn_sec_update_process(&(p_ble_evt->evt.gap_evt));
break;
};
}
#endif //NRF_MODULE_ENABLED(PEER_MANAGER)
Reference in New Issue View Git Blame Copy Permalink