Please tell me how to set permissions.

Hello.
I'm thinking about what I can do with peripheral roles.

I have a question about GATT communication data.
The following content was described in the Core Specification of the Bluetooth SIG.

The following access permissions are possible:
• Readable
• Writeable
• Readable and writable
The following encryption permissions are possible:
• Encryption required
• No encryption required
The following authentication permissions are possible:
• Authentication Required
• No Authentication Required
The following authorization permissions are possible:
• Authorization Required
• No Authorization Required

I think that the structure used when setting the data of the characteristic is "ble_add_char_params_t".
How can I set the contents described?

Best regards.

  • Have a look at ble_gap.h from the nrf5 SDK.

    /**@defgroup BLE_GAP_CONN_SEC_MODE_SET_MACROS GAP attribute security requirement setters
     *
     * See @ref ble_gap_conn_sec_mode_t.
     * @{ */
    /**@brief Set sec_mode pointed to by ptr to have no access rights.*/
    #define BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(ptr)          do {(ptr)->sm = 0; (ptr)->lv = 0;} while(0)
    /**@brief Set sec_mode pointed to by ptr to require no protection, open link.*/
    #define BLE_GAP_CONN_SEC_MODE_SET_OPEN(ptr)               do {(ptr)->sm = 1; (ptr)->lv = 1;} while(0)
    /**@brief Set sec_mode pointed to by ptr to require encryption, but no MITM protection.*/
    #define BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(ptr)        do {(ptr)->sm = 1; (ptr)->lv = 2;} while(0)
    /**@brief Set sec_mode pointed to by ptr to require encryption and MITM protection.*/
    #define BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(ptr)      do {(ptr)->sm = 1; (ptr)->lv = 3;} while(0)
    /**@brief Set sec_mode pointed to by ptr to require LESC encryption and MITM protection.*/
    #define BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM(ptr) do {(ptr)->sm = 1; (ptr)->lv = 4;} while(0)
    /**@brief Set sec_mode pointed to by ptr to require signing or encryption, no MITM protection needed.*/
    #define BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(ptr)     do {(ptr)->sm = 2; (ptr)->lv = 1;} while(0)
    /**@brief Set sec_mode pointed to by ptr to require signing or encryption with MITM protection.*/
    #define BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(ptr)   do {(ptr)->sm = 2; (ptr)->lv = 2;} while(0)
    /**@} */

    For example you can set the write permissions to LESC with MITM when initializing your characteristic:

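        ble_gatts_attr_md_t cccd_md;
        memset(&cccd_md, 0, sizeof(cccd_md)); /* needs <string.h>; zero all fields before setting permissions */
        BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM(&cccd_md.write_perm);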

  • Hello.

    I think Encryption required is set to BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM and No encryption required is BLE_GAP_CONN_SEC_MODE_SET_OPEN.

    Can you tell me what else applies?

    Best regards.

  • Hello.

    Do you see the question?
    I would be grateful if the support engineer could answer if you like.

    Best regards.

  • sdi_kei said:
    I think Encryption required is set to BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM and No encryption required is BLE_GAP_CONN_SEC_MODE_SET_OPEN.

    Hi, 

    Encryption has different levels, so it could be

    BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM or
    BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM,
    and yes, no encryption means you need to set the permissions to open:
    BLE_GAP_CONN_SEC_MODE_SET_OPEN.
    Read and write access can be defined to the char properties like below:

        add_char_params.read_access  = SEC_OPEN;
        add_char_params.write_access = SEC_OPEN;

    The following authentication permissions are possible:
    • Authentication Required
    • No Authentication Required
    For the above you have
    ble_add_char_params_t in components\softdevice\s112\headers\ble_gatt.h that you can set.
    I suggest you look at one of the BLE service implementations, like
    components\ble\ble_services\ble_nus\ble_nus.c:
    ble_nus_init, to get a closer look at the example using these settings.

  • Hello.

    Thank you for telling me about the settings.
    However, I checked the example, but I didn't understand some points, so please let me know.
    This is what we currently know.

    The following access permissions are possible:
    • Readable
        add_char_params.read_access = SEC_OPEN;
    • Writeable
        add_char_params.write_access = SEC_OPEN;
    • Readable and writable
        Allow read and write
        
    The following encryption permissions are possible:
    • Encryption required
        BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM and BLE_GAP_CONN_SEC_MODE_SET_OPEN
    • No encryption required
        BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM
        
    The following authentication permissions are possible:
    • Authentication Required
        not sure
    • No Authentication Required
        BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS
        
    The following authorization permissions are possible:
    • Authorization Required
        not sure
    • No Authorization Required
        not sure

    Best regards.

  • • No encryption required
        BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM

    Correction: BLE_GAP_CONN_SEC_MODE_SET_OPEN

    The following authentication permissions are possible:
    • Authentication Required

    BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM and BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM

    Authenticate by signature

    • No Authentication Required
        BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS

    This will block access to the attribute. What is it you want here?

    I've only used the Open and LESC with MITM in my projects. What is it you want to achieve specifically?

  • Hello.

    What I want to do is create a characteristic that can only be read and written by central devices that meet certain criteria.

    At that time, you have to set each characteristic, but I don't know what kind of setting should be done, so please let me know.

    Best regards.

  • Hello.

    I tried to summarize it with reference to what you taught me.
    Please tell me if this is the case.

    The following content showed the same thing.
    
    BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS         ⇔   SEC_NO_ACCESS
    BLE_GAP_CONN_SEC_MODE_SET_OPEN              ⇔   SEC_OPEN
    BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM       ⇔   SEC_JUST_WORKS
    BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM     ⇔   SEC_MITM
    BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM    ⇔   SEC_SIGNED
    BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM  ⇔   SEC_SIGNED_MITM
    
    
    The following access permissions are possible:
    • Readable  → ble_gatt_char_props_t read = 1
    • Writeable → ble_gatt_char_props_t write = 1
    • Readable and writable → ble_gatt_char_props_t read = 1, write = 1
    
    The following encryption permissions are possible:
    • Encryption required → security_req_t SEC_JUST_WORKS & SEC_MITM & SEC_SIGNED & SEC_SIGNED_MITM
    • No encryption required → security_req_t SEC_OPEN
    
    The following authentication permissions are possible:
    • Authentication Required → security_req_t SEC_MITM & SEC_SIGNED & SEC_SIGNED_MITM
    • No Authentication Required → security_req_t SEC_OPEN & SEC_JUST_WORKS
    
    The following authorization permissions are possible:
    • Authorization Required → security_req_t SEC_MITM & SEC_SIGNED & SEC_SIGNED_MITM
    • No Authorization Required → security_req_t SEC_OPEN & SEC_JUST_WORKS
    

    Best regards.
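
An added example, not from the thread or the nRF5 SDK: a stand-alone C model of the sm/lv pairs written by the macros quoted earlier, checking which requirement a given link satisfies. The `ex_` types and names are hypothetical stand-ins, and the link description is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-in for the (sm, lv) pair the quoted macros write; not the SDK type. */
typedef struct { uint8_t sm; uint8_t lv; } ex_sec_mode_t;

/* Hypothetical names, one per macro in the quoted ble_gap.h excerpt. */
typedef enum { EX_NO_ACCESS, EX_OPEN, EX_ENC_NO_MITM, EX_ENC_WITH_MITM,
               EX_LESC_ENC_WITH_MITM, EX_SIGNED_NO_MITM, EX_SIGNED_WITH_MITM,
               EX_REQ_COUNT } ex_req_t;

/* Same sm/lv values as the macros quoted in the thread. */
ex_sec_mode_t ex_requirement(ex_req_t r)
{
    static const ex_sec_mode_t table[EX_REQ_COUNT] = {
        {0, 0}, {1, 1}, {1, 2}, {1, 3}, {1, 4}, {2, 1}, {2, 2}
    };
    return table[r];
}

/* Constructed description of a link after pairing. */
typedef struct { bool encrypted; bool mitm; bool lesc; } ex_link_t;

/* Security mode 1 level the link currently provides. */
uint8_t ex_link_level(ex_link_t l)
{
    if (!l.encrypted) return 1;      /* open link */
    if (!l.mitm)      return 2;      /* encrypted, unauthenticated (Just Works) */
    return l.lesc ? 4 : 3;           /* authenticated; LESC raises it to 4 */
}

/* True when the link meets the requirement; for sm 2 only the "or encryption" path is modelled. */
bool ex_access_allowed(ex_sec_mode_t req, ex_link_t link)
{
    uint8_t have = ex_link_level(link);
    if (req.sm == 1) return req.lv >= 1 && have >= req.lv;
    if (req.sm == 2) return req.lv >= 1 && req.lv <= 2 && have >= req.lv + 1;
    return false;                    /* sm 0: no access at all */
}

int main(void)
{
    ex_link_t jw = { true, false, false };  /* constructed sample: Just Works link */
    for (int r = EX_NO_ACCESS; r < EX_REQ_COUNT; r++)
        printf("req %d -> %s\n", r, ex_access_allowed(ex_requirement((ex_req_t)r), jw) ? "allow" : "deny");
    return 0;
}
```

The sm/lv pair expresses encryption and authentication only; authorization in the SoftDevice attribute metadata is carried by the separate `rd_auth` / `wr_auth` flags of `ble_gatts_attr_md_t`.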

  • Hello.

    I need your information to create a feature.
    If possible, please reply as soon as possible.

    Best regards.

  • Sorry for the delay, I had a COVID case in my home and hence had to be away from work.

    Yes, your reference settings and its understanding seem OK to me.

  • Hello.

    I'm sorry to hurry.
    How are you feeling? I am glad that you can return safely.

    Your answer was very helpful. Thank you very much.

    Best regards.
