donatieng
diff --git a/‎features/FEATURE_BLE/ble/SecurityManager.h
Lines changed: 6 additions & 1 deletion b/‎features/FEATURE_BLE/ble/SecurityManager.h
Lines changed: 6 additions & 1 deletion
diff --git a/‎features/FEATURE_BLE/ble/generic/FileSecurityDb.h
Lines changed: 157 additions & 0 deletions b/‎features/FEATURE_BLE/ble/generic/FileSecurityDb.h
Lines changed: 157 additions & 0 deletions
diff --git a/‎features/FEATURE_BLE/ble/generic/GenericSecurityManager.h
Lines changed: 24 additions & 23 deletions b/‎features/FEATURE_BLE/ble/generic/GenericSecurityManager.h
Lines changed: 24 additions & 23 deletions
@@ -417,19 +417,24 @@ class SecurityManager {
      *                           support out-of-band exchanges of security data.
      * @param[in]  passkey       To specify a static passkey.
      * @param[in]  signing       Generate and distribute signing key during pairing
+     * @param[in]  dbPath        Path to the folder used to store keys in the filesystem,
+     *                           if NULL keys will be only stored in memory
+     *
      *
      * @return BLE_ERROR_NONE on success.
      */
     virtual ble_error_t init(bool                     enableBonding = true,
                              bool                     requireMITM   = true,
                              SecurityIOCapabilities_t iocaps        = IO_CAPS_NONE,
                              const Passkey_t          passkey       = NULL,
-                             bool                     signing       = true) {
+                             bool                     signing       = true,
+                             const char              *dbPath        = NULL) {
         /* Avoid compiler warnings about unused variables. */
         (void)enableBonding;
         (void)requireMITM;
         (void)iocaps;
         (void)passkey;
+        (void)dbPath;
 
         return BLE_ERROR_NOT_IMPLEMENTED; /* Requesting action from porters: override this API if security is supported. */
     }
 
@@ -0,0 +1,157 @@
+/* mbed Microcontroller Library
+ * Copyright (c) 2018 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef GENERIC_FILE_SECURITY_DB_H_
+#define GENERIC_FILE_SECURITY_DB_H_
+
+#include "SecurityDb.h"
+
+#include <stdio.h>
+
+namespace ble {
+namespace generic {
+
+/** Filesystem implementation */
+class FileSecurityDb : public SecurityDb {
+private:
+
+    struct entry_t {
+        SecurityDistributionFlags_t flags;
+        sign_count_t peer_sign_counter;
+        size_t file_offset;
+    };
+
+    static const size_t MAX_ENTRIES = 5;
+
+    static entry_t* as_entry(entry_handle_t db_handle) {
+        return reinterpret_cast<entry_t*>(db_handle);
+    }
+
+    template<class T>
+    void db_read(T *value, long int offset) {
+        fseek(_db_file, offset, SEEK_SET);
+        fread(value, sizeof(T), 1, _db_file);
+    }
+
+    template<class T>
+    void db_write(T *value, long int offset) {
+        fseek(_db_file, offset, SEEK_SET);
+        fwrite(value, sizeof(T), 1, _db_file);
+    }
+
+public:
+    FileSecurityDb(FILE *db_file);
+    virtual ~FileSecurityDb();
+
+    /**
+     * Validates or creates a file for the security database.
+     * @param db_path path to the file
+     * @return FILE handle open and ready for use by the database or NULL if unavailable
+     */
+    static FILE* open_db_file(const char *db_path);
+
+    virtual SecurityDistributionFlags_t* get_distribution_flags(
+        entry_handle_t db_handle
+    );
+
+
+    /* local keys */
+
+    /* set */
+    virtual void set_entry_local_ltk(
+        entry_handle_t db_handle,
+        const ltk_t &ltk
+    );
+
+    virtual void set_entry_local_ediv_rand(
+        entry_handle_t db_handle,
+        const ediv_t &ediv,
+        const rand_t &rand
+    );
+
+    /* peer's keys */
+
+    /* set */
+
+    virtual void set_entry_peer_ltk(
+        entry_handle_t db_handle,
+        const ltk_t &ltk
+    );
+
+    virtual void set_entry_peer_ediv_rand(
+        entry_handle_t db_handle,
+        const ediv_t &ediv,
+        const rand_t &rand
+    );
+
+    virtual void set_entry_peer_irk(
+        entry_handle_t db_handle,
+        const irk_t &irk
+    );
+
+    virtual void set_entry_peer_bdaddr(
+        entry_handle_t db_handle,
+        bool address_is_public,
+        const address_t &peer_address
+    );
+
+    virtual void set_entry_peer_csrk(
+        entry_handle_t db_handle,
+        const csrk_t &csrk
+    );
+
+    virtual void set_entry_peer_sign_counter(
+        entry_handle_t db_handle,
+        sign_count_t sign_counter
+    );
+
+    /* saving and loading from nvm */
+
+    virtual void restore();
+
+    virtual void sync(entry_handle_t db_handle);
+
+    virtual void set_restore(bool reload);
+
+private:
+    virtual uint8_t get_entry_count();
+
+    virtual SecurityDistributionFlags_t* get_entry_handle_by_index(uint8_t index);
+
+    virtual void reset_entry(entry_handle_t db_handle);
+
+    virtual SecurityEntryIdentity_t* read_in_entry_peer_identity(entry_handle_t db_handle);
+    virtual SecurityEntryKeys_t* read_in_entry_peer_keys(entry_handle_t db_handle);
+    virtual SecurityEntryKeys_t* read_in_entry_local_keys(entry_handle_t db_handle);
+    virtual SecurityEntrySigning_t* read_in_entry_peer_signing(entry_handle_t db_handle);
+
+    /**
+     * Zero the db file.
+     * @param db_file filehandle for file to erase
+     * @return filehandle when successful, otherwise NULL
+     */
+    static FILE* erase_db_file(FILE* db_file);
+
+private:
+    entry_t _entries[MAX_ENTRIES];
+    FILE *_db_file;
+    uint8_t _buffer[sizeof(SecurityEntryKeys_t)];
+};
+
+} /* namespace pal */
+} /* namespace ble */
+
+#endif /*GENERIC_FILE_SECURITY_DB_H_*/
@@ -19,7 +19,7 @@
 
 #include "ble/pal/GapTypes.h"
 #include "ble/BLETypes.h"
-#include "ble/pal/SecurityDb.h"
+#include "ble/generic/SecurityDb.h"
 #include "platform/Callback.h"
 #include "ble/pal/ConnectionEventMonitor.h"
 #include "ble/pal/SigningEventMonitor.h"
@@ -37,8 +37,6 @@ class GenericSecurityManager : public SecurityManager,
                                public pal::ConnectionEventMonitor::EventHandler,
                                public pal::SigningEventMonitor::EventHandler {
 public:
-    typedef ble::pal::SecurityDistributionFlags_t SecurityDistributionFlags_t;
-    typedef ble::pal::SecurityEntryKeys_t SecurityEntryKeys_t;
 
     /* implements SecurityManager */
 
@@ -51,7 +49,8 @@ class GenericSecurityManager : public SecurityManager,
         bool mitm = true,
         SecurityIOCapabilities_t iocaps = IO_CAPS_NONE,
         const Passkey_t passkey = NULL,
-        bool signing = true
+        bool signing = true,
+        const char* db_path = NULL
     );
 
     virtual ble_error_t reset();
@@ -236,13 +235,12 @@ class GenericSecurityManager : public SecurityManager,
 public:
     GenericSecurityManager(
         pal::SecurityManager &palImpl,
-        pal::SecurityDb &dbImpl,
         pal::ConnectionEventMonitor &connMonitorImpl,
         pal::SigningEventMonitor &signingMonitorImpl
     ) : _pal(palImpl),
-        _db(dbImpl),
         _connection_monitor(connMonitorImpl),
         _signing_monitor(signingMonitorImpl),
+        _db(NULL),
         _default_authentication(0),
         _default_key_distribution(pal::KeyDistribution::KEY_DISTRIBUTION_ALL),
         _pairing_authorisation_required(false),
@@ -256,6 +254,10 @@ class GenericSecurityManager : public SecurityManager,
         _oob_local_random[0] = 1;
     }
 
+    ~GenericSecurityManager() {
+        delete _db;
+    }
+
     ////////////////////////////////////////////////////////////////////////////
     // Helper functions
     //
@@ -308,7 +310,7 @@ class GenericSecurityManager : public SecurityManager,
      * @param[in] entryKeys security entry containing keys.
      */
     void enable_encryption_cb(
-        pal::SecurityDb::entry_handle_t entry,
+        SecurityDb::entry_handle_t entry,
         const SecurityEntryKeys_t* entryKeys
     );
 
@@ -319,32 +321,30 @@ class GenericSecurityManager : public SecurityManager,
      * @param[in] entryKeys security entry containing keys.
      */
     void set_ltk_cb(
-        pal::SecurityDb::entry_handle_t entry,
+        SecurityDb::entry_handle_t entry,
         const SecurityEntryKeys_t* entryKeys
     );
 
     /**
      * Returns the CSRK for the connection. Called by the security db.
      *
      * @param[in] connectionHandle Handle to identify the connection.
-     * @param[in] csrk connection signature resolving key.
+     * @param[in] signing connection signature resolving key and counter.
      */
     void return_csrk_cb(
-        pal::SecurityDb::entry_handle_t connection,
-        const csrk_t *csrk,
-        sign_count_t sign_counter
+        SecurityDb::entry_handle_t connection,
+        const SecurityEntrySigning_t *signing
     );
 
     /**
      * Set the peer CSRK for the connection. Called by the security db.
      *
      * @param[in] connectionHandle Handle to identify the connection.
-     * @param[in] csrk connection signature resolving key.
+     * @param[in] signing connection signature resolving key and counter.
      */
     void set_peer_csrk_cb(
-        pal::SecurityDb::entry_handle_t connection,
-        const csrk_t *csrk,
-        sign_count_t sign_counter
+        SecurityDb::entry_handle_t connection,
+        const SecurityEntrySigning_t *signing
     );
 
     /**
@@ -407,8 +407,8 @@ class GenericSecurityManager : public SecurityManager,
      * @param identity The identity associated with the entry; may be NULL.
      */
     void on_security_entry_retrieved(
-        pal::SecurityDb::entry_handle_t entry,
-        const pal::SecurityEntryIdentity_t* identity
+        SecurityDb::entry_handle_t entry,
+        const SecurityEntryIdentity_t* identity
     );
 
     /**
@@ -421,12 +421,12 @@ class GenericSecurityManager : public SecurityManager,
      * @param count Number of identities entries retrieved.
      */
     void on_identity_list_retrieved(
-        ble::ArrayView<pal::SecurityEntryIdentity_t*>& identity_list,
+        ble::ArrayView<SecurityEntryIdentity_t>& identity_list,
         size_t count
     );
 
 private:
-    struct ControlBlock_t : public pal::SecurityDistributionFlags_t {
+    struct ControlBlock_t {
         ControlBlock_t();
 
         pal::KeyDistribution get_initiator_key_distribution() {
@@ -443,7 +443,7 @@ class GenericSecurityManager : public SecurityManager,
         };
 
         connection_handle_t connection;
-        pal::SecurityDb::entry_handle_t db_entry;
+        SecurityDb::entry_handle_t db_entry;
 
         address_t local_address; /**< address used for connection, possibly different from identity */
 
@@ -473,10 +473,11 @@ class GenericSecurityManager : public SecurityManager,
     };
 
     pal::SecurityManager &_pal;
-    pal::SecurityDb &_db;
     pal::ConnectionEventMonitor &_connection_monitor;
     pal::SigningEventMonitor &_signing_monitor;
 
+    SecurityDb *_db;
+
     /* OOB data */
     address_t _oob_local_address;
     address_t _oob_peer_address;
@@ -718,7 +719,7 @@ class GenericSecurityManager : public SecurityManager,
 
     ControlBlock_t* get_control_block(const address_t &peer_address);
 
-    ControlBlock_t* get_control_block(pal::SecurityDb::entry_handle_t db_entry);
+    ControlBlock_t* get_control_block(SecurityDb::entry_handle_t db_entry);
 
     void release_control_block(ControlBlock_t* entry);
 };