BLE: Add KVStore Security DB #13038

Merged: 5 commits, Jul 8, 2020

@paul-szczepanek-arm (Member) commented May 29, 2020

Summary of changes

This adds a new Security DB type for BLE Security Manager. This is optional and disabled by default. The presence of filesystem and kvstore DBs is now set in the mbed_lib.json file with the default values retaining the current setup.

Requires preceding PR: #13037
(so ignore the first commit)

Impact of changes

Migration actions required

Documentation

none


Pull request type

[] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[x] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results

[] No Tests required for this change (E.g docs only update)
[x] Covered by existing mbed-os tests (Greentea or Unittest)
[] Tests / results supplied as part of this PR

Reviewers

@pan-


@paul-szczepanek-arm paul-szczepanek-arm force-pushed the kvstoredb branch 2 times, most recently from 5ddb77a to b503540, May 29, 2020 16:40
@ciarmcom ciarmcom requested review from pan- and a team May 29, 2020 17:00
@ciarmcom
Member

@paul-szczepanek-arm, thank you for your changes.
@pan- @ARMmbed/mbed-os-pan @ARMmbed/mbed-os-maintainers please review.

Member

@pan- pan- left a comment

LGTM. Thanks for adding the changes related to the local identity and adding connection address to the whitelist.

sign_count_t sign_counter
) {
this->SecurityDb::set_local_sign_counter(sign_counter);
db_write(&_local_sign_counter, DB_OFFSET_LOCAL_SIGN_COUNT);
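Review bot: the db_write(&_local_sign_counter, DB_OFFSET_LOCAL_SIGN_COUNT) call that follows this->SecurityDb::set_local_sign_counter(sign_counter) runs on every counter update and nothing here checks whether the write succeeded. If persisting on each change is intended, a short comment saying so would help; otherwise consider deferring the write to a sync point. If db_write can report failure, handle it so the stored counter cannot silently fall behind the in-memory one.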
Member

We talked about it, is it something we want to do every time the sign counter changes?
I would also either override it in the KVStore implementation and just call the parent method or leave a note here explaining why it isn't overridden (too many writes...)

Member Author

that is fixed on the other branch, I'll rebase this

@paul-szczepanek-arm
Member Author

had to force push to rebase

@0xc0170 0xc0170 changed the title [BLE] Add KVStore Security DB BLE: Add KVStore Security DB Jun 3, 2020
0xc0170 previously requested changes Jun 3, 2020
Contributor

@0xc0170 0xc0170 left a comment

Can you extend commit 67ee6f6 with better commit message?

@paul-szczepanek-arm
Member Author

I have broken up the commit into smaller pieces and expanded the comments.

@mergify mergify bot dismissed 0xc0170’s stale review June 3, 2020 14:42

Pull request has been modified.

pan- previously approved these changes Jun 4, 2020
0xc0170 previously approved these changes Jun 9, 2020
@mergify mergify bot added needs: work and removed needs: CI labels Jun 10, 2020
@mergify

mergify bot commented Jun 10, 2020

This PR cannot be merged due to conflicts. Please rebase to resolve them.

This works similar to filesystem db but uses the KVStore which it assumes is initialised. This is checked by open_db. On initialisation it either reads the present db or writes a new db into all entries thus guaranteeing that after the initialisation we will not run out of space for the keys and no extra error handling is needed.
The selection is now based on the lib json (which allows you to disable filesystem db or kvstore db) and the call to SecurityManager::init. It will always fall back on memory db if no other db is available.
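
The initialisation strategy described in the commit message above, as an added sketch that is not code from this PR or from Mbed OS. ToyStore, OpenResult, entry_key, the key names and the sizes are hypothetical, and the toy store models an overwrite as reusing the record's space; writing the version marker last is this example's own choice.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
// Toy byte-budgeted store standing in for a KVStore (not the Mbed OS API).
struct ToyStore {
    explicit ToyStore(size_t capacity) : _capacity(capacity) {}
    // A new key needs free space; rewriting a key at the same size does not.
    bool set(const std::string &key, const Bytes &value) {
        auto it = _data.find(key);
        size_t old_size = (it == _data.end()) ? 0 : it->second.size();
        if (_used - old_size + value.size() > _capacity) return false;
        _used = _used - old_size + value.size();
        _data[key] = value;
        return true;
    }
    const Bytes *get(const std::string &key) const {
        auto it = _data.find(key);
        return it == _data.end() ? nullptr : &it->second;
    }
    size_t _capacity, _used = 0;
    std::map<std::string, Bytes> _data;
};

constexpr size_t ENTRY_COUNT = 4, ENTRY_SIZE = 32;  // constructed sizes
constexpr uint8_t DB_VERSION = 1;
enum class OpenResult { Restored, Created, Unavailable };
std::string entry_key(size_t i) { return "entry" + std::to_string(i); }

// Reuse a complete db, or reserve every record up front. The version marker is
// written last so a creation that failed part-way is redone on the next open.
OpenResult open_db(ToyStore &store) {
    const Bytes *ver = store.get("version");
    if (ver && *ver == Bytes{DB_VERSION}) return OpenResult::Restored;
    for (size_t i = 0; i < ENTRY_COUNT; ++i)
        if (!store.set(entry_key(i), Bytes(ENTRY_SIZE, 0))) return OpenResult::Unavailable;
    return store.set("version", Bytes{DB_VERSION}) ? OpenResult::Created : OpenResult::Unavailable;
}

// After a successful open_db this only overwrites an already reserved record.
bool update_entry(ToyStore &store, size_t i, const Bytes &record) {
    return i < ENTRY_COUNT && record.size() == ENTRY_SIZE && store.set(entry_key(i), record);
}
int main() {  // exact-fit store: creation succeeds and a later update still fits
    ToyStore store(ENTRY_COUNT * ENTRY_SIZE + 1);
    return open_db(store) == OpenResult::Created && update_entry(store, 0, Bytes(ENTRY_SIZE, 7)) ? 0 : 1;
}
```

An `Unavailable` result is where a caller would fall back to the in-memory database, as the commit message describes.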
@mergify mergify bot dismissed 0xc0170’s stale review June 10, 2020 15:06

Pull request has been modified.

@adbridge
Contributor

@0xc0170 are you happy with this now?

@paul-szczepanek-arm
Member Author

is CI stuck on this? still showing as expecting for me

@0xc0170
Contributor

0xc0170 commented Jul 6, 2020

CI started

@mbed-ci

mbed-ci commented Jul 6, 2020

Test run: SUCCESS

Summary: 6 of 6 test jobs passed
Build number : 1
Build artifacts

@0xc0170
Contributor

0xc0170 commented Jul 6, 2020

@paul-szczepanek-arm Just noticed, can you fix these:

Found files with missing license details, please review and fix
File: /features/FEATURE_BLE/ble/generic/FileSecurityDb.h reason: Missing SPDX license identifier
File: /features/FEATURE_BLE/ble/generic/KVStoreSecurityDb.h reason: Missing SPDX license identifier
File: /features/FEATURE_BLE/ble/generic/SecurityDb.h reason: Missing SPDX license identifier
File: /features/FEATURE_BLE/source/generic/FileSecurityDb.cpp reason: Missing SPDX license identifier
File: /features/FEATURE_BLE/source/generic/KVStoreSecurityDb.cpp reason: Missing SPDX license identifier

Some of these are new files in this PR. Add SPDX and we will restart CI asap

@mergify mergify bot dismissed pan-’s stale review July 6, 2020 14:06

Pull request has been modified.

@0xc0170
Contributor

0xc0170 commented Jul 6, 2020

CI started

@mbed-ci

mbed-ci commented Jul 6, 2020

Test run: SUCCESS

Summary: 6 of 6 test jobs passed
Build number : 2
Build artifacts

@0xc0170
Contributor

0xc0170 commented Jul 7, 2020

Travis restarted to get status update

@0xc0170 0xc0170 merged commit 2ebf2cf into ARMmbed:master Jul 8, 2020
@0xc0170
Contributor

0xc0170 commented Jul 8, 2020

Just a check - no docs change for this feature change?

@mergify mergify bot removed the ready for merge label Jul 8, 2020
@paul-szczepanek-arm
Member Author

The handbook doesn't mention individual database implementations. They are only documented in the config file and headers. Maybe that's something we should improve but this addition doesn't make the current docs out of date.
