id_manager.c 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753
  1. /**
  2. * Copyright (c) 2015 - 2019, Nordic Semiconductor ASA
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without modification,
  7. * are permitted provided that the following conditions are met:
  8. *
  9. * 1. Redistributions of source code must retain the above copyright notice, this
  10. * list of conditions and the following disclaimer.
  11. *
  12. * 2. Redistributions in binary form, except as embedded into a Nordic
  13. * Semiconductor ASA integrated circuit in a product or a software update for
  14. * such product, must reproduce the above copyright notice, this list of
  15. * conditions and the following disclaimer in the documentation and/or other
  16. * materials provided with the distribution.
  17. *
  18. * 3. Neither the name of Nordic Semiconductor ASA nor the names of its
  19. * contributors may be used to endorse or promote products derived from this
  20. * software without specific prior written permission.
  21. *
  22. * 4. This software, with or without modification, must only be used with a
  23. * Nordic Semiconductor ASA integrated circuit.
  24. *
  25. * 5. Any software provided in binary form under this license must not be reverse
  26. * engineered, decompiled, modified and/or disassembled.
  27. *
  28. * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
  29. * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  30. * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
  31. * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
  32. * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  33. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
  34. * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  35. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  36. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  37. * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  38. *
  39. */
  40. #include "sdk_common.h"
  41. #if NRF_MODULE_ENABLED(PEER_MANAGER)
  42. #include "id_manager.h"
  43. #include <string.h>
  44. #include "ble.h"
  45. #include "ble_gap.h"
  46. #include "ble_err.h"
  47. #include "peer_manager_types.h"
  48. #include "peer_database.h"
  49. #include "peer_data_storage.h"
  50. #include "nrf_soc.h"
  51. #include "ble_conn_state.h"
  52. #define NRF_LOG_MODULE_NAME peer_manager_im
  53. #if PM_LOG_ENABLED
  54. #define NRF_LOG_LEVEL PM_LOG_LEVEL
  55. #define NRF_LOG_INFO_COLOR PM_LOG_INFO_COLOR
  56. #define NRF_LOG_DEBUG_COLOR PM_LOG_DEBUG_COLOR
  57. #else
  58. #define NRF_LOG_LEVEL 0
  59. #endif // PM_LOG_ENABLED
  60. #include "nrf_log.h"
  61. #include "nrf_log_ctrl.h"
  62. NRF_LOG_MODULE_REGISTER();
  63. #define IM_MAX_CONN_HANDLES (20)
  64. #define IM_NO_INVALID_CONN_HANDLES (0xFF)
  65. #define IM_ADDR_CLEARTEXT_LENGTH (3)
  66. #define IM_ADDR_CIPHERTEXT_LENGTH (3)
  67. // The number of registered event handlers.
  68. #define IM_EVENT_HANDLERS_CNT (sizeof(m_evt_handlers) / sizeof(m_evt_handlers[0]))
  69. // Identity Manager event handlers in Peer Manager and GATT Cache Manager.
  70. extern void pm_im_evt_handler(pm_evt_t * p_event);
  71. extern void gcm_im_evt_handler(pm_evt_t * p_event);
  72. // Identity Manager events' handlers.
  73. // The number of elements in this array is IM_EVENT_HANDLERS_CNT.
  74. static pm_evt_handler_internal_t const m_evt_handlers[] =
  75. {
  76. pm_im_evt_handler,
  77. gcm_im_evt_handler
  78. };
  79. typedef struct
  80. {
  81. pm_peer_id_t peer_id;
  82. ble_gap_addr_t peer_address;
  83. } im_connection_t;
  84. static im_connection_t m_connections[IM_MAX_CONN_HANDLES];
  85. static uint8_t m_wlisted_peer_cnt;
  86. static pm_peer_id_t m_wlisted_peers[BLE_GAP_WHITELIST_ADDR_MAX_COUNT];
  87. /**@brief Function for sending an event to all registered event handlers.
  88. *
  89. * @param[in] p_event The event to distribute.
  90. */
  91. static void evt_send(pm_evt_t * p_event)
  92. {
  93. for (uint32_t i = 0; i < IM_EVENT_HANDLERS_CNT; i++)
  94. {
  95. m_evt_handlers[i](p_event);
  96. }
  97. }
  98. /**@brief Function checking the validity of an IRK
  99. *
  100. * @detail An all-zero IRK is not valid. This function will check if a given IRK is valid.
  101. *
  102. * @param[in] p_irk The IRK for which the validity is going to be checked.
  103. *
  104. * @retval true The IRK is valid.
  105. * @retval false The IRK is invalid.
  106. */
  107. bool is_valid_irk(ble_gap_irk_t const * p_irk)
  108. {
  109. NRF_PM_DEBUG_CHECK(p_irk != NULL);
  110. for (uint32_t i = 0; i < BLE_GAP_SEC_KEY_LEN; i++)
  111. {
  112. if (p_irk->irk[i] != 0)
  113. {
  114. return true;
  115. }
  116. }
  117. return false;
  118. }
  119. /**@brief Function for comparing two addresses to determine if they are identical
  120. *
  121. * @note The address type need to be identical, as well as every bit in the address itself.
  122. *
  123. * @param[in] p_addr1 The first address to be compared.
  124. * @param[in] p_addr2 The second address to be compared.
  125. *
  126. * @retval true The addresses are identical.
  127. * @retval false The addresses are not identical.
  128. */
  129. bool addr_compare(ble_gap_addr_t const * p_addr1, ble_gap_addr_t const * p_addr2)
  130. {
  131. // @note emdi: use NRF_PM_DEBUG_CHECK ?
  132. if ((p_addr1 == NULL) || (p_addr2 == NULL))
  133. {
  134. return false;
  135. }
  136. // Check that the addr type is identical, return false if it is not
  137. if (p_addr1->addr_type != p_addr2->addr_type)
  138. {
  139. return false;
  140. }
  141. // Check if the addr bytes are is identical
  142. return (memcmp(p_addr1->addr, p_addr2->addr, BLE_GAP_ADDR_LEN) == 0);
  143. }
  144. void im_ble_evt_handler(ble_evt_t const * ble_evt)
  145. {
  146. ble_gap_evt_t gap_evt;
  147. pm_peer_id_t bonded_matching_peer_id;
  148. if (ble_evt->header.evt_id != BLE_GAP_EVT_CONNECTED)
  149. {
  150. // Nothing to do.
  151. return;
  152. }
  153. gap_evt = ble_evt->evt.gap_evt;
  154. bonded_matching_peer_id = PM_PEER_ID_INVALID;
  155. if ( gap_evt.params.connected.peer_addr.addr_type
  156. != BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_NON_RESOLVABLE)
  157. {
  158. /* Search the database for bonding data matching the one that triggered the event.
  159. * Public and static addresses can be matched on address alone, while resolvable
  160. * random addresses can be resolved agains known IRKs. Non-resolvable random addresses
  161. * are never matching because they are not longterm form of identification.
  162. */
  163. pm_peer_id_t peer_id;
  164. pm_peer_data_flash_t peer_data;
  165. pds_peer_data_iterate_prepare();
  166. switch (gap_evt.params.connected.peer_addr.addr_type)
  167. {
  168. case BLE_GAP_ADDR_TYPE_PUBLIC:
  169. case BLE_GAP_ADDR_TYPE_RANDOM_STATIC:
  170. {
  171. while (pds_peer_data_iterate(PM_PEER_DATA_ID_BONDING, &peer_id, &peer_data))
  172. {
  173. if (addr_compare(&gap_evt.params.connected.peer_addr,
  174. &peer_data.p_bonding_data->peer_ble_id.id_addr_info))
  175. {
  176. bonded_matching_peer_id = peer_id;
  177. break;
  178. }
  179. }
  180. }
  181. break;
  182. case BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_RESOLVABLE:
  183. {
  184. while (pds_peer_data_iterate(PM_PEER_DATA_ID_BONDING, &peer_id, &peer_data))
  185. {
  186. if (im_address_resolve(&gap_evt.params.connected.peer_addr,
  187. &peer_data.p_bonding_data->peer_ble_id.id_info))
  188. {
  189. bonded_matching_peer_id = peer_id;
  190. break;
  191. }
  192. }
  193. }
  194. break;
  195. default:
  196. NRF_PM_DEBUG_CHECK(false);
  197. break;
  198. }
  199. }
  200. m_connections[gap_evt.conn_handle].peer_id = bonded_matching_peer_id;
  201. m_connections[gap_evt.conn_handle].peer_address = gap_evt.params.connected.peer_addr;
  202. if (bonded_matching_peer_id != PM_PEER_ID_INVALID)
  203. {
  204. // Send a bonded peer event
  205. pm_evt_t im_evt;
  206. im_evt.conn_handle = gap_evt.conn_handle;
  207. im_evt.peer_id = bonded_matching_peer_id;
  208. im_evt.evt_id = PM_EVT_BONDED_PEER_CONNECTED;
  209. evt_send(&im_evt);
  210. }
  211. }
  212. /**@brief Function to compare two sets of bonding data to check if they belong to the same device.
  213. * @note Invalid irks will never match even though they are identical.
  214. *
  215. * @param[in] p_bonding_data1 First bonding data for comparison
  216. * @param[in] p_bonding_data2 Second bonding data for comparison
  217. *
  218. * @return True if the input matches, false if it does not.
  219. */
  220. bool im_is_duplicate_bonding_data(pm_peer_data_bonding_t const * p_bonding_data1,
  221. pm_peer_data_bonding_t const * p_bonding_data2)
  222. {
  223. NRF_PM_DEBUG_CHECK(p_bonding_data1 != NULL);
  224. NRF_PM_DEBUG_CHECK(p_bonding_data2 != NULL);
  225. ble_gap_addr_t const * p_addr1 = &p_bonding_data1->peer_ble_id.id_addr_info;
  226. ble_gap_addr_t const * p_addr2 = &p_bonding_data2->peer_ble_id.id_addr_info;
  227. bool duplicate_irk = ((memcmp(p_bonding_data1->peer_ble_id.id_info.irk,
  228. p_bonding_data2->peer_ble_id.id_info.irk,
  229. BLE_GAP_SEC_KEY_LEN) == 0)
  230. && is_valid_irk(&p_bonding_data1->peer_ble_id.id_info)
  231. && is_valid_irk(&p_bonding_data2->peer_ble_id.id_info));
  232. bool duplicate_addr = addr_compare(p_addr1, p_addr2);
  233. bool id_addrs = ((p_addr1->addr_type != BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_RESOLVABLE)
  234. && (p_addr1->addr_type != BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_NON_RESOLVABLE)
  235. && (p_addr2->addr_type != BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_RESOLVABLE)
  236. && (p_addr2->addr_type != BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_NON_RESOLVABLE));
  237. return (duplicate_addr && id_addrs) || (duplicate_irk && !id_addrs);
  238. }
  239. pm_peer_id_t im_find_duplicate_bonding_data(pm_peer_data_bonding_t const * p_bonding_data,
  240. pm_peer_id_t peer_id_skip)
  241. {
  242. pm_peer_id_t peer_id;
  243. pm_peer_data_flash_t peer_data_duplicate;
  244. NRF_PM_DEBUG_CHECK(p_bonding_data != NULL);
  245. pds_peer_data_iterate_prepare();
  246. while (pds_peer_data_iterate(PM_PEER_DATA_ID_BONDING, &peer_id, &peer_data_duplicate))
  247. {
  248. if ( (peer_id != peer_id_skip)
  249. && im_is_duplicate_bonding_data(p_bonding_data,
  250. peer_data_duplicate.p_bonding_data))
  251. {
  252. return peer_id;
  253. }
  254. }
  255. return PM_PEER_ID_INVALID;
  256. }
  257. pm_peer_id_t im_peer_id_get_by_conn_handle(uint16_t conn_handle)
  258. {
  259. if ((conn_handle >= IM_MAX_CONN_HANDLES) || !ble_conn_state_valid(conn_handle))
  260. {
  261. return PM_PEER_ID_INVALID;
  262. }
  263. return m_connections[conn_handle].peer_id;
  264. }
  265. ret_code_t im_ble_addr_get(uint16_t conn_handle, ble_gap_addr_t * p_ble_addr)
  266. {
  267. NRF_PM_DEBUG_CHECK(p_ble_addr != NULL);
  268. if ((conn_handle >= IM_MAX_CONN_HANDLES) || !ble_conn_state_valid(conn_handle))
  269. {
  270. return BLE_ERROR_INVALID_CONN_HANDLE;
  271. }
  272. *p_ble_addr = m_connections[conn_handle].peer_address;
  273. return NRF_SUCCESS;
  274. }
  275. bool im_master_ids_compare(ble_gap_master_id_t const * p_master_id1,
  276. ble_gap_master_id_t const * p_master_id2)
  277. {
  278. NRF_PM_DEBUG_CHECK(p_master_id1 != NULL);
  279. NRF_PM_DEBUG_CHECK(p_master_id2 != NULL);
  280. if (!im_master_id_is_valid(p_master_id1))
  281. {
  282. return false;
  283. }
  284. if (p_master_id1->ediv != p_master_id2->ediv)
  285. {
  286. return false;
  287. }
  288. return (memcmp(p_master_id1->rand, p_master_id2->rand, BLE_GAP_SEC_RAND_LEN) == 0);
  289. }
  290. pm_peer_id_t im_peer_id_get_by_master_id(ble_gap_master_id_t const * p_master_id)
  291. {
  292. pm_peer_id_t peer_id;
  293. pm_peer_data_flash_t peer_data;
  294. NRF_PM_DEBUG_CHECK(p_master_id != NULL);
  295. pds_peer_data_iterate_prepare();
  296. // For each stored peer, check if the master_id matches p_master_id
  297. while (pds_peer_data_iterate(PM_PEER_DATA_ID_BONDING, &peer_id, &peer_data))
  298. {
  299. if (im_master_ids_compare(p_master_id, &peer_data.p_bonding_data->own_ltk.master_id) ||
  300. im_master_ids_compare(p_master_id, &peer_data.p_bonding_data->peer_ltk.master_id))
  301. {
  302. // If a matching master ID is found then return the peer ID.
  303. return peer_id;
  304. }
  305. }
  306. // If no matching master ID is found return PM_PEER_ID_INVALID.
  307. return PM_PEER_ID_INVALID;
  308. }
  309. uint16_t im_conn_handle_get(pm_peer_id_t peer_id)
  310. {
  311. if (peer_id == PM_PEER_ID_INVALID)
  312. {
  313. return BLE_CONN_HANDLE_INVALID;
  314. }
  315. for (uint16_t conn_handle = 0; conn_handle < IM_MAX_CONN_HANDLES; conn_handle++)
  316. {
  317. if ((m_connections[conn_handle].peer_id == peer_id) && ble_conn_state_valid(conn_handle))
  318. {
  319. return conn_handle;
  320. }
  321. }
  322. return BLE_CONN_HANDLE_INVALID;
  323. }
  324. bool im_master_id_is_valid(ble_gap_master_id_t const * p_master_id)
  325. {
  326. if (p_master_id->ediv != 0)
  327. {
  328. return true;
  329. }
  330. for (uint32_t i = 0; i < BLE_GAP_SEC_RAND_LEN; i++)
  331. {
  332. if (p_master_id->rand[i] != 0)
  333. {
  334. return true;
  335. }
  336. }
  337. return false;
  338. }
  339. void im_new_peer_id(uint16_t conn_handle, pm_peer_id_t peer_id)
  340. {
  341. if (conn_handle < IM_MAX_CONN_HANDLES)
  342. {
  343. m_connections[conn_handle].peer_id = peer_id;
  344. }
  345. }
  346. ret_code_t im_peer_free(pm_peer_id_t peer_id)
  347. {
  348. uint16_t conn_handle;
  349. ret_code_t ret;
  350. conn_handle = im_conn_handle_get(peer_id);
  351. ret = pdb_peer_free(peer_id);
  352. if (ret == NRF_SUCCESS && (conn_handle < IM_MAX_CONN_HANDLES))
  353. {
  354. m_connections[conn_handle].peer_id = PM_PEER_ID_INVALID;
  355. }
  356. return ret;
  357. }
  358. /**@brief Given a list of peers, loads their GAP address and IRK into the provided buffers.
  359. */
  360. static ret_code_t peers_id_keys_get(pm_peer_id_t const * p_peers,
  361. uint32_t peer_cnt,
  362. ble_gap_addr_t * p_gap_addrs,
  363. uint32_t * p_addr_cnt,
  364. ble_gap_irk_t * p_gap_irks,
  365. uint32_t * p_irk_cnt)
  366. {
  367. ret_code_t ret;
  368. pm_peer_data_bonding_t bond_data;
  369. pm_peer_data_t peer_data;
  370. uint16_t const buf_size = sizeof(bond_data);
  371. bool copy_addrs = false;
  372. bool copy_irks = false;
  373. NRF_PM_DEBUG_CHECK(p_peers != NULL);
  374. // One of these two has to be provided.
  375. NRF_PM_DEBUG_CHECK((p_gap_addrs != NULL) || (p_gap_irks != NULL));
  376. if ((p_gap_addrs != NULL) && (p_addr_cnt != NULL))
  377. {
  378. NRF_PM_DEBUG_CHECK((*p_addr_cnt) >= peer_cnt);
  379. copy_addrs = true;
  380. *p_addr_cnt = 0;
  381. }
  382. if ((p_gap_irks != NULL) && (p_irk_cnt != NULL))
  383. {
  384. NRF_PM_DEBUG_CHECK((*p_irk_cnt) >= peer_cnt);
  385. copy_irks = true;
  386. *p_irk_cnt = 0;
  387. }
  388. memset(&peer_data, 0x00, sizeof(peer_data));
  389. peer_data.p_bonding_data = &bond_data;
  390. // Read through flash memory and look for peers ID keys.
  391. for (uint32_t i = 0; i < peer_cnt; i++)
  392. {
  393. memset(&bond_data, 0x00, sizeof(bond_data));
  394. // Read peer data from flash.
  395. ret = pds_peer_data_read(p_peers[i], PM_PEER_DATA_ID_BONDING,
  396. &peer_data, &buf_size);
  397. if ((ret == NRF_ERROR_NOT_FOUND) || (ret == NRF_ERROR_INVALID_PARAM))
  398. {
  399. // Peer data coulnd't be found in flash or peer ID is not valid.
  400. return NRF_ERROR_NOT_FOUND;
  401. }
  402. uint8_t const addr_type = bond_data.peer_ble_id.id_addr_info.addr_type;
  403. if ((addr_type != BLE_GAP_ADDR_TYPE_PUBLIC) &&
  404. (addr_type != BLE_GAP_ADDR_TYPE_RANDOM_STATIC))
  405. {
  406. // The address shared by the peer during bonding can't be used for whitelisting.
  407. return BLE_ERROR_GAP_INVALID_BLE_ADDR;
  408. }
  409. // Copy the GAP address.
  410. if (copy_addrs)
  411. {
  412. memcpy(&p_gap_addrs[i], &bond_data.peer_ble_id.id_addr_info, sizeof(ble_gap_addr_t));
  413. (*p_addr_cnt)++;
  414. }
  415. // Copy the IRK.
  416. if (copy_irks)
  417. {
  418. memcpy(&p_gap_irks[i], bond_data.peer_ble_id.id_info.irk, BLE_GAP_SEC_KEY_LEN);
  419. (*p_irk_cnt)++;
  420. }
  421. }
  422. return NRF_SUCCESS;
  423. }
  424. ret_code_t im_device_identities_list_set(pm_peer_id_t const * p_peers,
  425. uint32_t peer_cnt)
  426. {
  427. ret_code_t ret;
  428. pm_peer_data_t peer_data;
  429. pm_peer_data_bonding_t bond_data;
  430. ble_gap_id_key_t keys[BLE_GAP_DEVICE_IDENTITIES_MAX_COUNT];
  431. ble_gap_id_key_t const * key_ptrs[BLE_GAP_DEVICE_IDENTITIES_MAX_COUNT];
  432. if ((p_peers == NULL) || (peer_cnt == 0))
  433. {
  434. // Clear the device identities list.
  435. return sd_ble_gap_device_identities_set(NULL, NULL, 0);
  436. }
  437. peer_data.p_bonding_data = &bond_data;
  438. uint16_t const buf_size = sizeof(bond_data);
  439. memset(keys, 0x00, sizeof(keys));
  440. for (uint32_t i = 0; i < BLE_GAP_DEVICE_IDENTITIES_MAX_COUNT; i++)
  441. {
  442. key_ptrs[i] = &keys[i];
  443. }
  444. for (uint32_t i = 0; i < peer_cnt; i++)
  445. {
  446. memset(&bond_data, 0x00, sizeof(bond_data));
  447. // Read peer data from flash.
  448. ret = pds_peer_data_read(p_peers[i], PM_PEER_DATA_ID_BONDING,
  449. &peer_data, &buf_size);
  450. if ((ret == NRF_ERROR_NOT_FOUND) || (ret == NRF_ERROR_INVALID_PARAM))
  451. {
  452. NRF_LOG_WARNING("peer id %d: Peer data could not be found in flash. Remove the peer ID "
  453. "from the peer list and try again.",
  454. p_peers[i]);
  455. return NRF_ERROR_NOT_FOUND;
  456. }
  457. uint8_t const addr_type = bond_data.peer_ble_id.id_addr_info.addr_type;
  458. if ((addr_type != BLE_GAP_ADDR_TYPE_PUBLIC) &&
  459. (addr_type != BLE_GAP_ADDR_TYPE_RANDOM_STATIC))
  460. {
  461. NRF_LOG_WARNING("peer id %d: The address shared by the peer during bonding cannot be "
  462. "whitelisted. Remove the peer ID from the peer list and try again.",
  463. p_peers[i]);
  464. return BLE_ERROR_GAP_INVALID_BLE_ADDR;
  465. }
  466. // Copy data to the buffer.
  467. memcpy(&keys[i], &bond_data.peer_ble_id, sizeof(ble_gap_id_key_t));
  468. }
  469. return sd_ble_gap_device_identities_set(key_ptrs, NULL, peer_cnt);
  470. }
  471. ret_code_t im_id_addr_set(ble_gap_addr_t const * p_addr)
  472. {
  473. return sd_ble_gap_addr_set(p_addr);
  474. }
  475. ret_code_t im_id_addr_get(ble_gap_addr_t * p_addr)
  476. {
  477. NRF_PM_DEBUG_CHECK(p_addr != NULL);
  478. return sd_ble_gap_addr_get(p_addr);
  479. }
  480. ret_code_t im_privacy_set(pm_privacy_params_t const * p_privacy_params)
  481. {
  482. return sd_ble_gap_privacy_set(p_privacy_params);
  483. }
  484. ret_code_t im_privacy_get(pm_privacy_params_t * p_privacy_params)
  485. {
  486. return sd_ble_gap_privacy_get(p_privacy_params);
  487. }
  488. /* Create a whitelist for the user using the cached list of peers.
  489. * This whitelist is meant to be provided by the application to the Advertising module.
  490. */
  491. ret_code_t im_whitelist_get(ble_gap_addr_t * p_addrs,
  492. uint32_t * p_addr_cnt,
  493. ble_gap_irk_t * p_irks,
  494. uint32_t * p_irk_cnt)
  495. {
  496. // One of the two buffers has to be provided.
  497. NRF_PM_DEBUG_CHECK((p_addrs != NULL) || (p_irks != NULL));
  498. NRF_PM_DEBUG_CHECK((p_addr_cnt != NULL) || (p_irk_cnt != NULL));
  499. if (((p_addr_cnt != NULL) && (m_wlisted_peer_cnt > *p_addr_cnt)) ||
  500. ((p_irk_cnt != NULL) && (m_wlisted_peer_cnt > *p_irk_cnt)))
  501. {
  502. // The size of the cached list of peers is larger than the provided buffers.
  503. return NRF_ERROR_NO_MEM;
  504. }
  505. // NRF_SUCCESS or
  506. // NRF_ERROR_NOT_FOUND, if a peer or its data were not found.
  507. // BLE_ERROR_GAP_INVALID_BLE_ADDR, if a peer address can not be used for whitelisting.
  508. return peers_id_keys_get(m_wlisted_peers, m_wlisted_peer_cnt,
  509. p_addrs, p_addr_cnt,
  510. p_irks, p_irk_cnt);
  511. }
  512. /* Copies the peers to whitelist into a local cache.
  513. * The cached list will be used by im_whitelist_get() to retrieve the active whitelist.
  514. * For SoftDevices 3x, also loads the peers' GAP addresses and whitelists them using
  515. * sd_ble_gap_whitelist_set().
  516. */
  517. ret_code_t im_whitelist_set(pm_peer_id_t const * p_peers,
  518. uint32_t peer_cnt)
  519. {
  520. // Clear the cache of whitelisted peers.
  521. memset(m_wlisted_peers, 0x00, sizeof(m_wlisted_peers));
  522. if ((p_peers == NULL) || (peer_cnt == 0))
  523. {
  524. // Clear the current whitelist.
  525. m_wlisted_peer_cnt = 0;
  526. // NRF_SUCCESS, or
  527. // BLE_GAP_ERROR_WHITELIST_IN_USE
  528. return sd_ble_gap_whitelist_set(NULL, 0);
  529. }
  530. // Copy the new whitelisted peers.
  531. m_wlisted_peer_cnt = peer_cnt;
  532. memcpy(m_wlisted_peers, p_peers, sizeof(pm_peer_id_t) * peer_cnt);
  533. ret_code_t ret;
  534. uint32_t wlist_addr_cnt = 0;
  535. ble_gap_addr_t const * addr_ptrs[BLE_GAP_WHITELIST_ADDR_MAX_COUNT];
  536. ble_gap_addr_t addrs[BLE_GAP_WHITELIST_ADDR_MAX_COUNT];
  537. memset(addrs, 0x00, sizeof(addrs));
  538. // Fetch GAP addresses for these peers, but don't fetch IRKs.
  539. ret = peers_id_keys_get(p_peers, peer_cnt, addrs, &wlist_addr_cnt, NULL, NULL);
  540. if (ret != NRF_SUCCESS)
  541. {
  542. // NRF_ERROR_NOT_FOUND, if a peer or its data were not found.
  543. // BLE_ERROR_GAP_INVALID_BLE_ADDR, if a peer address can not be used for whitelisting.
  544. return ret;
  545. }
  546. for (uint32_t i = 0; i < BLE_GAP_WHITELIST_ADDR_MAX_COUNT; i++)
  547. {
  548. addr_ptrs[i] = &addrs[i];
  549. }
  550. // NRF_ERROR_DATA_SIZE, if peer_cnt > BLE_GAP_WHITELIST_ADDR_MAX_COUNT.
  551. // BLE_ERROR_GAP_WHITELIST_IN_USE, if a whitelist is in use.
  552. return sd_ble_gap_whitelist_set(addr_ptrs, peer_cnt);
  553. }
  554. /**@brief Function for calculating the ah() hash function described in Bluetooth core specification
  555. * 4.2 section 3.H.2.2.2.
  556. *
  557. * @detail BLE uses a hash function to calculate the first half of a resolvable address
  558. * from the second half of the address and an irk. This function will use the ECB
  559. * periferal to hash these data acording to the Bluetooth core specification.
  560. *
  561. * @note The ECB expect little endian input and output.
  562. * This function expect big endian and will reverse the data as necessary.
  563. *
  564. * @param[in] p_k The key used in the hash function.
  565. * For address resolution this is should be the irk.
  566. * The array must have a length of 16.
  567. * @param[in] p_r The rand used in the hash function. For generating a new address
  568. * this would be a random number. For resolving a resolvable address
  569. * this would be the last half of the address being resolved.
  570. * The array must have a length of 3.
  571. * @param[out] p_local_hash The result of the hash operation. For address resolution this
  572. * will match the first half of the address being resolved if and only
  573. * if the irk used in the hash function is the same one used to generate
  574. * the address.
  575. * The array must have a length of 16.
  576. */
  577. void ah(uint8_t const * p_k, uint8_t const * p_r, uint8_t * p_local_hash)
  578. {
  579. nrf_ecb_hal_data_t ecb_hal_data;
  580. for (uint32_t i = 0; i < SOC_ECB_KEY_LENGTH; i++)
  581. {
  582. ecb_hal_data.key[i] = p_k[SOC_ECB_KEY_LENGTH - 1 - i];
  583. }
  584. memset(ecb_hal_data.cleartext, 0, SOC_ECB_KEY_LENGTH - IM_ADDR_CLEARTEXT_LENGTH);
  585. for (uint32_t i = 0; i < IM_ADDR_CLEARTEXT_LENGTH; i++)
  586. {
  587. ecb_hal_data.cleartext[SOC_ECB_KEY_LENGTH - 1 - i] = p_r[i];
  588. }
  589. // Can only return NRF_SUCCESS.
  590. (void) sd_ecb_block_encrypt(&ecb_hal_data);
  591. for (uint32_t i = 0; i < IM_ADDR_CIPHERTEXT_LENGTH; i++)
  592. {
  593. p_local_hash[i] = ecb_hal_data.ciphertext[SOC_ECB_KEY_LENGTH - 1 - i];
  594. }
  595. }
  596. bool im_address_resolve(ble_gap_addr_t const * p_addr, ble_gap_irk_t const * p_irk)
  597. {
  598. uint8_t hash[IM_ADDR_CIPHERTEXT_LENGTH];
  599. uint8_t local_hash[IM_ADDR_CIPHERTEXT_LENGTH];
  600. uint8_t prand[IM_ADDR_CLEARTEXT_LENGTH];
  601. if (p_addr->addr_type != BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_RESOLVABLE)
  602. {
  603. return false;
  604. }
  605. memcpy(hash, p_addr->addr, IM_ADDR_CIPHERTEXT_LENGTH);
  606. memcpy(prand, &p_addr->addr[IM_ADDR_CIPHERTEXT_LENGTH], IM_ADDR_CLEARTEXT_LENGTH);
  607. ah(p_irk->irk, prand, local_hash);
  608. return (memcmp(hash, local_hash, IM_ADDR_CIPHERTEXT_LENGTH) == 0);
  609. }
  610. #endif // NRF_MODULE_ENABLED(PEER_MANAGER)