Allow to open/close a BLE pairing&bonding window #243
Comments
#320 adds a method to SecurityHandler that allows you to fully customize the ble_gap_sec_params_t that should be used. That should cover your use case. It's a bit odd to me though that you would accept connections from an unknown central when you're not willing to pair with them. |
I guess 320 is a typo? => #230

I want to accept connections and pairing for already known devices, but I want only to allow connections & bonding requests when explicitly requested. Probably the best would be to check upon connection if the central is already bonded, and disconnect if it is not? |
Yes, oops.
The best way to do this is with a whitelist. Use |
Many thanks for the advice! It works like a charm!

```rust
pub(crate) fn whitelist_known_peers(&self, sd: &Softdevice) -> Result<(), RawError> {
    const MAX_LEN: usize = nrf_softdevice::raw::BLE_GAP_WHITELIST_ADDR_MAX_COUNT as usize;
    assert!(self.bond_info_map.borrow().len() <= MAX_LEN);
    // Zero-initialised scratch arrays; only the filled prefixes are passed on.
    let mut addresses: [Address; MAX_LEN] = unsafe { core::mem::zeroed() };
    let mut id_keys: [IdentityKey; MAX_LEN] = unsafe { core::mem::zeroed() };
    let mut valid_addresses: usize = 0;
    let mut valid_id_keys: usize = 0;
    for (_, bond) in self.bond_info_map.borrow().iter() {
        // Fill by running count, not by map key, so the slices below have no gaps.
        addresses[valid_addresses] = bond.peer.peer_id.addr;
        valid_addresses += 1;
        warn!("Whitelisting {}", bond.peer.peer_id.addr);
        // Skip identity keys that are already in the list.
        let already_exist = id_keys[..valid_id_keys]
            .iter()
            .any(|idk| idk.is_match(bond.peer.peer_id.addr));
        if !already_exist {
            id_keys[valid_id_keys] = bond.peer.peer_id;
            valid_id_keys += 1;
        }
    }
    ble::set_device_identities_list(sd, &id_keys[..valid_id_keys], None)?;
    ble::set_whitelist(sd, &addresses[..valid_addresses])?;
    Ok(())
}
```

I added this function the

Then to allow pairing, in my BLE task I do something like

```rust
let mut config = peripheral::Config::default();
match bonder.whitelist_known_peers(sd) {
    Ok(_) => info!("Whitelisting stored successfully"),
    Err(e) => error!("Unable to configure whitelisting {}", e),
}
if pairing_allowed {
    let adv_data: LegacyAdvertisementPayload = LegacyAdvertisementBuilder::new()
        .flags(&[Flag::GeneralDiscovery, Flag::LE_Only])
        .full_name(name)
        // add more settings if needed
        .build();
    let adv = peripheral::ConnectableAdvertisement::ScannableUndirected {
        adv_data: &adv_data,
        scan_data: &SCAN_DATA,
    };
    // Pairing window open: accept scan and connect requests from any central.
    config.filter_policy = FilterPolicy::Any;
    unwrap!(peripheral::advertise_pairable(sd, adv, &config, bonder).await)
} else {
    let adv_data: LegacyAdvertisementPayload = LegacyAdvertisementBuilder::new()
        .flags(&[Flag::LE_Only])
        .build();
    let adv = peripheral::ConnectableAdvertisement::ScannableUndirected {
        adv_data: &adv_data,
        scan_data: &SCAN_DATA,
    };
    // Pairing window closed: only whitelisted centrals may scan and connect.
    config.filter_policy = FilterPolicy::Both;
    unwrap!(peripheral::advertise_pairable(sd, adv, &config, bonder).await)
}
```

Every suggestion for improvement in performance, style or anything is very welcome :) |
It is a common use case to have a gesture that enables a "pairing window" with the device.
The goal is to control who can have remote access to the device, by forcing some kind of physical access.
This is especially important in devices with limited UI capabilities that need to use the rather poor `justworks` security.

It seems that `peripheral::advertise_pairable` vs `peripheral::advertise_connectable` suggest this feature, but it either doesn't work properly or I misinterpret it.

In both cases, pairing (key exchange) still happens successfully, only bonding is not performed when `peripheral::advertise_connectable` is used.

This means that, at any time, a central device can access the encrypted GATT services and characteristics without ever having to access the device physically.
As far as I could test, the current implementation does not allow to enable pairing only in a certain window.

After digging into the code, I think that maybe it comes down to simply setting the security params as follows when the `BLE_GAP_EVTS_BLE_GAP_EVT_SEC_PARAMS_REQUEST` is received and no security handler is provided:

Any thoughts on this? Am I missing something?
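
The policy discussed in this thread (advertise to anyone only while the pairing window is open, whitelist-only otherwise, and drop unbonded centrals that connect outside the window), modelled as an added example that is not part of the original posts and is not nrf-softdevice code. All type and function names are hypothetical, the tick is assumed to be a wrapping millisecond counter, and peers are assumed to be compared by resolved identity address.

```rust
// Added example; every name is hypothetical, none of this is nrf-softdevice API.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Filter { Any, Both } // the two FilterPolicy choices used in the thread

#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Admission { Keep, KeepAndAllowBonding, Disconnect }

/// Pairing window opened by a physical gesture; it closes itself after `len_ms`.
pub struct PairingWindow { opened_at: Option<u32>, len_ms: u32 }

impl PairingWindow {
    pub const fn new(len_ms: u32) -> Self { Self { opened_at: None, len_ms } }
    pub fn open(&mut self, now_ms: u32) { self.opened_at = Some(now_ms); }

    /// `now_ms` is a free-running millisecond tick that may wrap around.
    /// An expired window is cleared, so a stale timestamp cannot look
    /// "recent" again once the tick counter has wrapped.
    pub fn is_open(&mut self, now_ms: u32) -> bool {
        match self.opened_at {
            Some(t0) if now_ms.wrapping_sub(t0) < self.len_ms => true,
            _ => { self.opened_at = None; false }
        }
    }

    /// Filter policy to advertise with: open to anyone only while the window is open.
    pub fn filter(&mut self, now_ms: u32) -> Filter {
        if self.is_open(now_ms) { Filter::Any } else { Filter::Both }
    }

    /// Decision on connect; `peer` is assumed to be the resolved identity address.
    pub fn admit(&mut self, now_ms: u32, peer: &[u8; 6], bonded: &[[u8; 6]]) -> Admission {
        let known = bonded.iter().any(|a| a == peer);
        match (known, self.is_open(now_ms)) {
            (true, _) => Admission::Keep,
            (false, true) => Admission::KeepAndAllowBonding,
            (false, false) => Admission::Disconnect,
        }
    }
}

fn main() {
    let bonded: [[u8; 6]; 1] = [[0xC0, 0x11, 0x22, 0x33, 0x44, 0x55]]; // constructed sample
    let stranger: [u8; 6] = [0xD0, 0x66, 0x77, 0x88, 0x99, 0xAA]; // constructed sample
    let mut w = PairingWindow::new(30_000);
    println!("{:?}", w.admit(1_000, &stranger, &bonded)); // window closed
    w.open(2_000); // button press
    println!("{:?} {:?}", w.filter(3_000), w.admit(3_000, &stranger, &bonded));
    println!("{:?}", w.admit(40_000, &stranger, &bonded)); // window expired
}
```

The expiry check has to be evaluated at least once between the window closing and the tick counter wrapping, which happens naturally if it runs on every advertising restart.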