BLE privacy, signing, persistent security database #6932
Conversation
(github client fail)
signing integration between gatt and sm
This change allow vendor pal code to use its own array format.
With this change, it is possible to encode the size of the array viewed by an ArrayView into the type itself: ArrayView<T, Size>. Such objects are lighter than ArrayView of arbitrary size and allows verification of the size at compile time. This change also fix operator== and bring new make_ArrayView overloads.
- Rename LescCrypto into CryptoToolbox - Use ArrayView of fixed size as parameters - Add licence
LE Secure Connections Nordic
|
@paul-szczepanek-arm Please rebase instead of merging mbed-os into the PR. Merging mbed-os blows up the change set and file changes. |
paul-szczepanek-arm
force-pushed
the
security-manager-dev
branch
from
acee983 to
69a0c10
Compare
|
merged with permission because rebase is problematic |
Fix privacy backward compatibility
filtering out individual reports instead of all
|
/morph build |
Build : FAILUREBuild number : 2128 |
|
@paul-szczepanek-arm Head up ^^^ |
The function that gets the address doesn't work when privacy is enabled; report own address as private resolvable.
BLE: Fix wrong macro name for IAR
Fix privacy nrf52
|
Arm License checkout issues with pr-head. Assuming the rebuild is good, will start CI. |
|
/morph build |
|
I can confirm IAR compilation issues have been fixed, validated locally. |
Build : SUCCESSBuild number : 2132 Triggering tests/morph test |
Exporter Build : SUCCESSBuild number : 1756 |
Test : SUCCESSBuild number : 1926 |
Description
This branch adds several feature to the security manager and updates features in other layers connected to it:
Implementations of these features targets the various Nordic boards and the cordio stack.
LE Secure Connection pairing
LE Secure Connection pairing is a new pairing method that has been introduced with Bluetooth 4.2. It uses Elyptic Curve Cryptography and offer better protection against eavesdropping.
Pull Requests:
Gap Privacy
This feature allows a device to sends advertisements packets, scan requests and connections requests with a private address. The goal being to avoid devices tracking. A known peer (bonded) can retrieve the identity of a the by resolving its private address.
Pull Requests:
Gatt Signing and permission
This feature allows the authentication of a known peer sending a write command on an unencrypted link.
To support this feature, the GATT server had to support proper security requirements per attributes.
Pull Requests:
DataBase persistence
This addition allow a user to specify a path to a file that will store the secure database.
Pull Requests: 1 2
Documentation
Handbook (not part of this PR) pull request: 1
Pull request type