New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BLE privacy, signing, persistent security database #6932

Merged
merged 314 commits into from May 24, 2018

Conversation

Projects
None yet
7 participants
@paul-szczepanek-arm
Member

paul-szczepanek-arm commented May 16, 2018

Description

This branch adds several feature to the security manager and updates features in other layers connected to it:

  • Support of lesc pairing
  • Support of Gap privacy
  • Support GATT signing
  • Support of GATT permissions
  • Database persistence

Implementations of these features targets the various Nordic boards and the cordio stack.

LE Secure Connection pairing

LE Secure Connection pairing is a new pairing method that has been introduced with Bluetooth 4.2. It uses Elyptic Curve Cryptography and offer better protection against eavesdropping.

Pull Requests:

  • OOB: 1, 2, 3
  • Nordic implementation: 1, 2
  • Cordio Implementation: 1

Gap Privacy

This feature allows a device to sends advertisements packets, scan requests and connections requests with a private address. The goal being to avoid devices tracking. A known peer (bonded) can retrieve the identity of a the by resolving its private address.

Pull Requests:

  • Interfaces: 1
  • Nordic implementation: 1 2
  • Cordio: 1, 2
  • Backwards compatibility: 1

Gatt Signing and permission

This feature allows the authentication of a known peer sending a write command on an unencrypted link.
To support this feature, the GATT server had to support proper security requirements per attributes.

Pull Requests:

  • SecurityManager: 1
  • GenericGattClient: 1
  • Nordic: 1 Note that these are stub as this feature is not supported by Nordic softdevices.
  • Cordio: 1
  • GattServer: 1

DataBase persistence

This addition allow a user to specify a path to a file that will store the secure database.

Pull Requests: 1 2

Documentation

Handbook (not part of this PR) pull request: 1

Pull request type

[ ] Fix
[ ] Refactor
[ ] New target
[x] Feature
[ ] Breaking change

paul-szczepanek-arm and others added some commits Mar 28, 2018

missing line from commit
(github client fail)
Merge pull request #26 from paul-szczepanek-arm/signing
signing integration between gatt and sm
BLE: use ArrayView to pass and get parameters in Crypto API
This change allow vendor pal code to use its own array format.
BLE: Extend ArrayView to encode size in type.
With this change, it is possible to encode the size of the array viewed by an ArrayView into the type itself: ArrayView<T, Size>. Such objects are lighter than ArrayView of arbitrary size and allows verification of the size at compile time.

This change also fix operator== and bring new make_ArrayView overloads.
BLE: CryptoToolbox enhancement
- Rename LescCrypto into CryptoToolbox
- Use ArrayView of fixed size as parameters
- Add licence
Merge pull request #27 from pan-/sc-nordic
LE Secure Connections Nordic

@paul-szczepanek-arm paul-szczepanek-arm force-pushed the paul-szczepanek-arm:security-manager-dev branch from acee983 to 69a0c10 May 23, 2018

@paul-szczepanek-arm

This comment has been minimized.

Member

paul-szczepanek-arm commented May 23, 2018

merged with permission because rebase is problematic

paul-szczepanek-arm added some commits May 23, 2018

Fix not processing all advertising reports if one is filtered out
filtering out individual reports instead of all
@adbridge

This comment has been minimized.

Contributor

adbridge commented May 23, 2018

/morph build

@mbed-ci

This comment has been minimized.

mbed-ci commented May 23, 2018

@cmonr

This comment has been minimized.

Contributor

cmonr commented May 23, 2018

@paul-szczepanek-arm Head up ^^^

pan- and others added some commits May 23, 2018

BLE NRF52: Report correct own address type for connection
The function that gets the address doesn't work when privacy is enabled; report own address as private resolvable.
Merge pull request #51 from pan-/fix-iar-compilation
BLE: Fix wrong macro name for IAR
@cmonr

This comment has been minimized.

Contributor

cmonr commented May 23, 2018

Arm License checkout issues with pr-head. Assuming the rebuild is good, will start CI.

@cmonr

This comment has been minimized.

Contributor

cmonr commented May 23, 2018

/morph build

@pan-

pan- approved these changes May 23, 2018

Every ble tests passes on all targets with this change set; its all green for me.

@donatieng

This comment has been minimized.

Member

donatieng commented May 23, 2018

I can confirm IAR compilation issues have been fixed, validated locally.

@mbed-ci

This comment has been minimized.

mbed-ci commented May 23, 2018

Build : SUCCESS

Build number : 2132
Build artifacts/logs : http://mbed-os.s3-website-eu-west-1.amazonaws.com/?prefix=builds/6932/

Triggering tests

/morph test
/morph uvisor-test
/morph export-build
/morph mbed2-build

@mbed-ci

This comment has been minimized.

mbed-ci commented May 24, 2018

@mbed-ci

This comment has been minimized.

@0xc0170 0xc0170 added ready for merge and removed needs: CI labels May 24, 2018

@cmonr cmonr merged commit 791620c into ARMmbed:master May 24, 2018

13 checks passed

AWS-CI uVisor Build & Test Success
Details
ci-morph-build build completed
Details
ci-morph-exporter build completed
Details
ci-morph-mbed2-build build completed
Details
ci-morph-test test completed
Details
continuous-integration/jenkins/pr-head This commit looks good
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
travis-ci/astyle Passed, 850 files
Details
travis-ci/docs Local docs testing has passed
Details
travis-ci/events Passed, runtime is 9566 cycles (+547 cycles)
Details
travis-ci/gitattributestest Local gitattributestest testing has passed
Details
travis-ci/littlefs Passed, code size is 9964B (+0.00%)
Details
travis-ci/tools Local tools testing has passed
Details

@cmonr cmonr removed the ready for merge label May 24, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment