Commit 586e497

committed

fix(ble): Fix typos and security start

1 parent fe67c72 commit 586e497Copy full SHA for 586e497

File tree

3 files changed

+72

-50

lines changed

libraries/BLE
- examples
  - Client_secure_static_passkey
    - Client_secure_static_passkey.ino
  - Server_secure_static_passkey
    - Server_secure_static_passkey.ino
- src
  - BLESecurity.cpp

3 files changed

+72

-50

lines changed

`‎libraries/BLE/examples/Client_secure_static_passkey/Client_secure_static_passkey.ino`

Lines changed: 22 additions & 22 deletions

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`
`10`	`10`	`Note that ESP32 uses Bluedroid by default and the other SoCs use NimBLE.`
`11`	`11`	`Bluedroid initiates security on-connect, while NimBLE initiates security on-demand.`
`12`		`- This means that in NimBLE you can read the unsecure characteristic without entering`
	`12`	`+ This means that in NimBLE you can read the insecure characteristic without entering`
`13`	`13`	`the passkey. This is not possible in Bluedroid.`
`14`	`14`
`15`	`15`	`Also, the SoC stores the authentication info in the NVS memory. After a successful`
`@@ -26,7 +26,7 @@`
`26`	`26`	`// The remote service we wish to connect to.`
`27`	`27`	`static BLEUUID serviceUUID("4fafc201-1fb5-459e-8fcc-c5c9c331914b");`
`28`	`28`	`// The characteristics of the remote service we are interested in.`
`29`		`-static BLEUUID unsecureCharUUID("beb5483e-36e1-4688-b7f5-ea07361b26a8");`
	`29`	`+static BLEUUID insecureCharUUID("beb5483e-36e1-4688-b7f5-ea07361b26a8");`
`30`	`30`	`static BLEUUID secureCharUUID("ff1d2614-e2d6-4c87-9154-6625d39ca7f8");`
`31`	`31`
`32`	`32`	`// This must match the server's passkey`
`@@ -35,7 +35,7 @@ static BLEUUID secureCharUUID("ff1d2614-e2d6-4c87-9154-6625d39ca7f8");`
`35`	`35`	`static boolean doConnect = false;`
`36`	`36`	`static boolean connected = false;`
`37`	`37`	`static boolean doScan = false;`
`38`		`-static BLERemoteCharacteristic *pRemoteUnsecureCharacteristic;`
	`38`	`+static BLERemoteCharacteristic *pRemoteInsecureCharacteristic;`
`39`	`39`	`static BLERemoteCharacteristic *pRemoteSecureCharacteristic;`
`40`	`40`	`static BLEAdvertisedDevice *myDevice;`
`41`	`41`
`@@ -87,15 +87,15 @@ bool connectToServer() {`
`87`	`87`	`}`
`88`	`88`	`Serial.println(" - Found our service");`
`89`	`89`
`90`		`- // Obtain a reference to the unsecure characteristic`
`91`		`- pRemoteUnsecureCharacteristic = pRemoteService->getCharacteristic(unsecureCharUUID);`
`92`		`- if (pRemoteUnsecureCharacteristic == nullptr) {`
`93`		`- Serial.print("Failed to find unsecure characteristic UUID: ");`
`94`		`- Serial.println(unsecureCharUUID.toString().c_str());`
	`90`	`+ // Obtain a reference to the insecure characteristic`
	`91`	`+ pRemoteInsecureCharacteristic = pRemoteService->getCharacteristic(insecureCharUUID);`
	`92`	`+ if (pRemoteInsecureCharacteristic == nullptr) {`
	`93`	`+ Serial.print("Failed to find insecure characteristic UUID: ");`
	`94`	`+ Serial.println(insecureCharUUID.toString().c_str());`
`95`	`95`	`pClient->disconnect();`
`96`	`96`	`return false;`
`97`	`97`	`}`
`98`		`- Serial.println(" - Found unsecure characteristic");`
	`98`	`+ Serial.println(" - Found insecure characteristic");`
`99`	`99`
`100`	`100`	`// Obtain a reference to the secure characteristic`
`101`	`101`	`pRemoteSecureCharacteristic = pRemoteService->getCharacteristic(secureCharUUID);`
`@@ -107,10 +107,10 @@ bool connectToServer() {`
`107`	`107`	`}`
`108`	`108`	`Serial.println(" - Found secure characteristic");`
`109`	`109`
`110`		`- // Read the value of the unsecure characteristic (should work without authentication)`
`111`		`- if (pRemoteUnsecureCharacteristic->canRead()) {`
`112`		`- String value = pRemoteUnsecureCharacteristic->readValue();`
`113`		`- Serial.print("Unsecure characteristic value: ");`
	`110`	`+ // Read the value of the insecure characteristic (should work without authentication)`
	`111`	`+ if (pRemoteInsecureCharacteristic->canRead()) {`
	`112`	`+ String value = pRemoteInsecureCharacteristic->readValue();`
	`113`	`+ Serial.print("Insecure characteristic value: ");`
`114`	`114`	`Serial.println(value.c_str());`
`115`	`115`	`}`
`116`	`116`
`@@ -127,9 +127,9 @@ bool connectToServer() {`
`127`	`127`	`}`
`128`	`128`
`129`	`129`	`// Register for notifications on both characteristics if they support it`
`130`		`- if (pRemoteUnsecureCharacteristic->canNotify()) {`
`131`		`- pRemoteUnsecureCharacteristic->registerForNotify(notifyCallback);`
`132`		`- Serial.println(" - Registered for unsecure characteristic notifications");`
	`130`	`+ if (pRemoteInsecureCharacteristic->canNotify()) {`
	`131`	`+ pRemoteInsecureCharacteristic->registerForNotify(notifyCallback);`
	`132`	`+ Serial.println(" - Registered for insecure characteristic notifications");`
`133`	`133`	`}`
`134`	`134`
`135`	`135`	`if (pRemoteSecureCharacteristic->canNotify()) {`
`@@ -173,7 +173,7 @@ void setup() {`
`173`	`173`	`BLESecurity *pSecurity = new BLESecurity();`
`174`	`174`
`175`	`175`	`// Set security parameters`
`176`		`- // Deafult parameters:`
	`176`	`+ // Default parameters:`
`177`	`177`	`// - IO capability is set to NONE`
`178`	`178`	`// - Initiator and responder key distribution flags are set to both encryption and identity keys.`
`179`	`179`	`// - Passkey is set to BLE_SM_DEFAULT_PASSKEY (123456). It will warn if you don't change it.`
`@@ -213,11 +213,11 @@ void loop() {`
`213`	`213`
`214`	`214`	`// If we are connected to a peer BLE Server, demonstrate secure communication`
`215`	`215`	`if (connected) {`
`216`		`- // Write to the unsecure characteristic`
`217`		`- String unsecureValue = "Client time: " + String(millis() / 1000);`
`218`		`- if (pRemoteUnsecureCharacteristic->canWrite()) {`
`219`		`- pRemoteUnsecureCharacteristic->writeValue(unsecureValue.c_str(), unsecureValue.length());`
`220`		`- Serial.println("Wrote to unsecure characteristic: " + unsecureValue);`
	`216`	`+ // Write to the insecure characteristic`
	`217`	`+ String insecureValue = "Client time: " + String(millis() / 1000);`
	`218`	`+ if (pRemoteInsecureCharacteristic->canWrite()) {`
	`219`	`+ pRemoteInsecureCharacteristic->writeValue(insecureValue.c_str(), insecureValue.length());`
	`220`	`+ Serial.println("Wrote to insecure characteristic: " + insecureValue);`
`221`	`221`	`}`
`222`	`222`
`223`	`223`	`// Write to the secure characteristic`

`‎libraries/BLE/examples/Server_secure_static_passkey/Server_secure_static_passkey.ino`

Lines changed: 10 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,14 +5,14 @@`
`5`	`5`	`IO capability using a static passkey.`
`6`	`6`	`The server will accept connections from devices that have the same passkey set.`
`7`	`7`	`The example passkey is set to 123456.`
`8`		`- The server will create a service and a secure and an unsecure characteristic`
	`8`	`+ The server will create a service and a secure and an insecure characteristic`
`9`	`9`	`to be used as example.`
`10`	`10`
`11`	`11`	`This server is designed to be used with the Client_secure_static_passkey example.`
`12`	`12`
`13`	`13`	`Note that ESP32 uses Bluedroid by default and the other SoCs use NimBLE.`
`14`	`14`	`Bluedroid initiates security on-connect, while NimBLE initiates security on-demand.`
`15`		`- This means that in NimBLE you can read the unsecure characteristic without entering`
	`15`	`+ This means that in NimBLE you can read the insecure characteristic without entering`
`16`	`16`	`the passkey. This is not possible in Bluedroid.`
`17`	`17`
`18`	`18`	`Also, the SoC stores the authentication info in the NVS memory. After a successful`
`@@ -33,7 +33,7 @@`
`33`	`33`	`// https://www.uuidgenerator.net/`
`34`	`34`
`35`	`35`	`#define SERVICE_UUID "4fafc201-1fb5-459e-8fcc-c5c9c331914b"`
`36`		`-#define UNSECURE_CHARACTERISTIC_UUID "beb5483e-36e1-4688-b7f5-ea07361b26a8"`
	`36`	`+#define Insecure_CHARACTERISTIC_UUID "beb5483e-36e1-4688-b7f5-ea07361b26a8"`
`37`	`37`	`#define SECURE_CHARACTERISTIC_UUID "ff1d2614-e2d6-4c87-9154-6625d39ca7f8"`
`38`	`38`
`39`	`39`	`// This is an example passkey. You should use a different or random passkey.`
`@@ -51,7 +51,7 @@ void setup() {`
`51`	`51`	`BLESecurity *pSecurity = new BLESecurity();`
`52`	`52`
`53`	`53`	`// Set security parameters`
`54`		`- // Deafult parameters:`
	`54`	`+ // Default parameters:`
`55`	`55`	`// - IO capability is set to NONE`
`56`	`56`	`// - Initiator and responder key distribution flags are set to both encryption and identity keys.`
`57`	`57`	`// - Passkey is set to BLE_SM_DEFAULT_PASSKEY (123456). It will warn if you don't change it.`
`@@ -71,8 +71,8 @@ void setup() {`
`71`	`71`
`72`	`72`	`BLEService *pService = pServer->createService(SERVICE_UUID);`
`73`	`73`
`74`		`- uint32_t unsecure_properties = BLECharacteristic::PROPERTY_READ \| BLECharacteristic::PROPERTY_WRITE;`
`75`		`- uint32_t secure_properties = unsecure_properties;`
	`74`	`+ uint32_t insecure_properties = BLECharacteristic::PROPERTY_READ \| BLECharacteristic::PROPERTY_WRITE;`
	`75`	`+ uint32_t secure_properties = insecure_properties;`
`76`	`76`
`77`	`77`	`// NimBLE uses properties to secure characteristics.`
`78`	`78`	`// These special permission properties are not supported by Bluedroid and will be ignored.`
`@@ -81,21 +81,21 @@ void setup() {`
`81`	`81`	`secure_properties \|= BLECharacteristic::PROPERTY_READ_ENC \| BLECharacteristic::PROPERTY_WRITE_ENC;`
`82`	`82`
`83`	`83`	`BLECharacteristic *pSecureCharacteristic = pService->createCharacteristic(SECURE_CHARACTERISTIC_UUID, secure_properties);`
`84`		`- BLECharacteristic *pUnsecureCharacteristic = pService->createCharacteristic(UNSECURE_CHARACTERISTIC_UUID, unsecure_properties);`
	`84`	`+ BLECharacteristic *pInsecureCharacteristic = pService->createCharacteristic(Insecure_CHARACTERISTIC_UUID, insecure_properties);`
`85`	`85`
`86`	`86`	`// Bluedroid uses permissions to secure characteristics.`
`87`	`87`	`// This is the same as using the properties above.`
`88`	`88`	`// NimBLE does not use permissions and will ignore these calls.`
`89`	`89`	`// This can be removed if only using NimBLE (any SoC except ESP32).`
`90`	`90`	`pSecureCharacteristic->setAccessPermissions(ESP_GATT_PERM_READ_ENCRYPTED \| ESP_GATT_PERM_WRITE_ENCRYPTED);`
`91`		`- pUnsecureCharacteristic->setAccessPermissions(ESP_GATT_PERM_READ \| ESP_GATT_PERM_WRITE);`
	`91`	`+ pInsecureCharacteristic->setAccessPermissions(ESP_GATT_PERM_READ \| ESP_GATT_PERM_WRITE);`
`92`	`92`
`93`	`93`	`// Set value for secure characteristic`
`94`	`94`	`pSecureCharacteristic->setValue("Secure Hello World!");`
`95`	`95`
`96`		`- // Set value for unsecure characteristic`
	`96`	`+ // Set value for insecure characteristic`
`97`	`97`	`// When using NimBLE you will be able to read this characteristic without entering the passkey.`
`98`		`- pUnsecureCharacteristic->setValue("Unsecure Hello World!");`
	`98`	`+ pInsecureCharacteristic->setValue("Insecure Hello World!");`
`99`	`99`
`100`	`100`	`pService->start();`
`101`	`101`	`BLEAdvertising *pAdvertising = BLEDevice::getAdvertising();`

`‎libraries/BLE/src/BLESecurity.cpp`

Lines changed: 40 additions & 18 deletions

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ uint32_t BLESecurity::m_passkey = BLE_SM_DEFAULT_PASSKEY;`
`59`	`59`
`60`	`60`	`#if defined(CONFIG_BLUEDROID_ENABLED)`
`61`	`61`	`uint8_t BLESecurity::m_keySize = 16;`
`62`		`-esp_ble_sec_act_t BLESecurity::m_securityLevel = (esp_ble_sec_act_t)0;`
	`62`	`+esp_ble_sec_act_t BLESecurity::m_securityLevel;`
`63`	`63`	`#endif`
`64`	`64`
`65`	`65`	`/***************************************************************************`
`@@ -216,7 +216,7 @@ void BLESecurity::setAuthenticationMode(bool bonding, bool mitm, bool sc) {`
`216`	`216`	`// It should return the passkey that the peer device is showing on its output.`
`217`	`217`	`// This might not be called if the client has a static passkey set.`
`218`	`218`	`uint32_t BLESecurityCallbacks::onPassKeyRequest() {`
`219`		`- Serial.println("BLESecurityCallbacks: ATTENTION Using unsecure onPassKeyRequest.");`
	`219`	`+ Serial.println("BLESecurityCallbacks: ATTENTION Using insecure onPassKeyRequest.");`
`220`	`220`	`Serial.println("BLESecurityCallbacks: ATTENTION Please implement onPassKeyRequest with a suitable passkey in your BLESecurityCallbacks class");`
`221`	`221`	`Serial.printf("BLESecurityCallbacks: Default passkey: %06d\n", BLE_SM_DEFAULT_PASSKEY);`
`222`	`222`	`return BLE_SM_DEFAULT_PASSKEY;`
`@@ -239,7 +239,7 @@ bool BLESecurityCallbacks::onSecurityRequest() {`
`239`	`239`	`// This callback is called by both devices when both have the DisplayYesNo capability.`
`240`	`240`	`// It should return true if both devices display the same passkey.`
`241`	`241`	`bool BLESecurityCallbacks::onConfirmPIN(uint32_t pin) {`
`242`		`- Serial.println("BLESecurityCallbacks: ATTENTION Using unsecure onConfirmPIN. It will accept any passkey.");`
	`242`	`+ Serial.println("BLESecurityCallbacks: ATTENTION Using insecure onConfirmPIN. It will accept any passkey.");`
`243`	`243`	`Serial.println("BLESecurityCallbacks: ATTENTION Please implement onConfirmPIN with a suitable confirmation logic in your BLESecurityCallbacks class");`
`244`	`244`	`return true;`
`245`	`245`	`}`
`@@ -251,7 +251,7 @@ bool BLESecurityCallbacks::onConfirmPIN(uint32_t pin) {`
`251`	`251`	`// otherwise it is requesting to write.`
`252`	`252`	`// It should return true if the authorization is granted, false otherwise.`
`253`	`253`	`bool BLESecurityCallbacks::onAuthorizationRequest(uint16_t connHandle, uint16_t attrHandle, bool isRead) {`
`254`		`- Serial.println("BLESecurityCallbacks: ATTENTION Using unsecure onAuthorizationRequest. It will accept any authorization request.");`
	`254`	`+ Serial.println("BLESecurityCallbacks: ATTENTION Using insecure onAuthorizationRequest. It will accept any authorization request.");`
`255`	`255`	`Serial.println(`
`256`	`256`	`"BLESecurityCallbacks: ATTENTION Please implement onAuthorizationRequest with a suitable authorization logic in your BLESecurityCallbacks class"`
`257`	`257`	`);`
`@@ -272,17 +272,28 @@ bool BLESecurity::startSecurity(esp_bd_addr_t bd_addr, int *rcPtr) {`
`272`	`272`	`#ifdef CONFIG_BLE_SMP_ENABLE`
`273`	`273`	`if (m_securityStarted) {`
`274`	`274`	`log_w("Security already started for bd_addr=%s", BLEAddress(bd_addr).toString().c_str());`
	`275`	`+ if (rcPtr) {`
	`276`	`+ *rcPtr = ESP_OK;`
	`277`	`+ }`
`275`	`278`	`return true;`
`276`	`279`	`}`
`277`	`280`
`278`		`- int rc = esp_ble_set_encryption(bd_addr, m_securityLevel);`
`279`		`- if (rc != ESP_OK) {`
`280`		`- log_e("esp_ble_set_encryption: rc=%d %s", rc, GeneralUtils::errorToString(rc));`
`281`		`- }`
`282`		`- if (rcPtr) {`
`283`		`- *rcPtr = rc;`
	`281`	`+ if (m_securityEnabled) {`
	`282`	`+ int rc = esp_ble_set_encryption(bd_addr, m_securityLevel);`
	`283`	`+ if (rc != ESP_OK) {`
	`284`	`+ log_e("esp_ble_set_encryption: rc=%d %s", rc, GeneralUtils::errorToString(rc));`
	`285`	`+ }`
	`286`	`+ if (rcPtr) {`
	`287`	`+ *rcPtr = rc;`
	`288`	`+ }`
	`289`	`+ m_securityStarted = (rc == ESP_OK);`
	`290`	`+ } else {`
	`291`	`+ log_e("Security is not enabled. Can't start security.");`
	`292`	`+ if (rcPtr) {`
	`293`	`+ *rcPtr = ESP_FAIL;`
	`294`	`+ }`
	`295`	`+ return false;`
`284`	`296`	`}`
`285`		`- m_securityStarted = (rc == ESP_OK);`
`286`	`297`	`return m_securityStarted;`
`287`	`298`	`#else`
`288`	`299`	`log_e("Bluedroid SMP is not enabled. Can't start security.");`
`@@ -324,17 +335,28 @@ void BLESecurityCallbacks::onAuthenticationComplete(esp_ble_auth_cmpl_t param) {`
`324`	`335`	`bool BLESecurity::startSecurity(uint16_t connHandle, int *rcPtr) {`
`325`	`336`	`if (m_securityStarted) {`
`326`	`337`	`log_w("Security already started for connHandle=%d", connHandle);`
	`338`	`+ if (rcPtr) {`
	`339`	`+ *rcPtr = 0;`
	`340`	`+ }`
`327`	`341`	`return true;`
`328`	`342`	`}`
`329`	`343`
`330`		`- int rc = ble_gap_security_initiate(connHandle);`
`331`		`- if (rc != 0) {`
`332`		`- log_e("ble_gap_security_initiate: rc=%d %s", rc, BLEUtils::returnCodeToString(rc));`
`333`		`- }`
`334`		`- if (rcPtr) {`
`335`		`- *rcPtr = rc;`
	`344`	`+ if (m_securityEnabled) {`
	`345`	`+ int rc = ble_gap_security_initiate(connHandle);`
	`346`	`+ if (rc != 0) {`
	`347`	`+ log_e("ble_gap_security_initiate: rc=%d %s", rc, BLEUtils::returnCodeToString(rc));`
	`348`	`+ }`
	`349`	`+ if (rcPtr) {`
	`350`	`+ *rcPtr = rc;`
	`351`	`+ }`
	`352`	`+ m_securityStarted = (rc == 0 \|\| rc == BLE_HS_EALREADY);`
	`353`	`+ } else {`
	`354`	`+ log_e("Security is not enabled. Can't start security.");`
	`355`	`+ if (rcPtr) {`
	`356`	`+ *rcPtr = ESP_FAIL;`
	`357`	`+ }`
	`358`	`+ return false;`
`336`	`359`	`}`
`337`		`- m_securityStarted = (rc == 0 \|\| rc == BLE_HS_EALREADY);`
`338`	`360`	`return m_securityStarted;`
`339`	`361`	`}`
`340`	`362`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 586e497

File tree

3 files changed

3 files changed

`‎libraries/BLE/examples/Client_secure_static_passkey/Client_secure_static_passkey.ino`

`‎libraries/BLE/examples/Server_secure_static_passkey/Server_secure_static_passkey.ino`

`‎libraries/BLE/src/BLESecurity.cpp`

0 commit comments