Please tell me how to set permissions.

RE: Please tell me how to set permissions.

sdi_kei — Wed, 26 Jan 2022 00:11:08 GMT

Hello.

I'm sorry to hurry.
How are you feeling. I am glad that you can return safely.

Your answer was very helpful. Thank you very much.

Best regards.

RE: Please tell me how to set permissions.

Susheel Nuguru — Tue, 25 Jan 2022 09:25:04 GMT

sorry for the delay, i had a covid case in my home and hence had to be away from work

Yes, your reference settings and its understanding seems ok to me.

RE: Please tell me how to set permissions.

sdi_kei — Fri, 21 Jan 2022 06:37:08 GMT

Hello.

I need your information to create a feature.
If possible, please reply as soon as possible.

Best regards.

RE: Please tell me how to set permissions.

sdi_kei — Fri, 14 Jan 2022 11:41:35 GMT

Hello.

I tried to summarize it with reference to what you taught me.
Please tell me if this is the case.

The following content showed the same thing.

BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS         ⇔   SEC_NO_ACCESS
BLE_GAP_CONN_SEC_MODE_SET_OPEN              ⇔   SEC_OPEN
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM       ⇔   SEC_JUST_WORKS
BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM     ⇔   SEC_MITM
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM    ⇔   SEC_SIGNED
BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM  ⇔   SEC_SIGNED_MITM


The following access permissions are possible:
• Readable  → ble_gatt_char_props_t read = 1
• Writeable → ble_gatt_char_props_t write = 1
• Readable and writable → ble_gatt_char_props_t read = 1, write = 1

The following encryption permissions are possible:
• Encryption required → security_req_t SEC_JUST_WORKS & SEC_MITM & SEC_SIGNED & SEC_SIGNED_MITM
• No encryption required → security_req_t SEC_OPEN

The following authentication permissions are possible:
• Authentication Required → security_req_t SEC_MITM & SEC_SIGNED & SEC_SIGNED_MITM
• No Authentication Required → security_req_t SEC_OPEN & SEC_JUST_WORKS

The following authorization permissions are possible:
• Authorization Required → security_req_t SEC_MITM & SEC_SIGNED & SEC_SIGNED_MITM
• No Authorization Required → security_req_t SEC_OPEN & SEC_JUST_WORKS

Best regards.

RE: Please tell me how to set permissions.

sdi_kei — Fri, 24 Dec 2021 09:00:33 GMT

Hello.

What I want to do is create a characteristic that can only be read and written by central devices that meet certain criteria.

At that time, you have to set each characteristic, but I don't know what kind of setting should be done, so please let me know.

Best regards.

RE: Please tell me how to set permissions.

fhfs — Fri, 24 Dec 2021 08:26:24 GMT

• No encryption required
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM

Correction: BLE_GAP_CONN_SEC_MODE_SET_OPEN

The following authentication permissions are possible:
• Authentication Required

BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM and BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM

Authenticate by signature

• No Authentication Required
BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS

This will block access to the attribute. What is it you want here?

I've only used the Open and LESC with MITM in my projects. What is it you want to achieve specifically?

RE: Please tell me how to set permissions.

sdi_kei — Fri, 24 Dec 2021 05:20:04 GMT

Hello.

Thank you for telling me about the settings.
However, I checked the example, but I didn't understand some points, so please let me know.
This is what we currently know.

The following access permissions are possible:
• Readable
    add_char_params.read_access = SEC_OPEN;
• Writeable
    add_char_params.write_access = SEC_OPEN;
• Readable and writable
    Allow read and write
    
The following encryption permissions are possible:
• Encryption required
    BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM and BLE_GAP_CONN_SEC_MODE_SET_OPEN
• No encryption required
    BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM
    
The following authentication permissions are possible:
• Authentication Required
    not sure
• No Authentication Required
    BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS
    
The following authorization permissions are possible:
• Authorization Required
    not sure
• No Authorization Required
    not sure

Best regards.

RE: Please tell me how to set permissions.

Susheel Nuguru — Tue, 07 Dec 2021 13:19:20 GMT

[quote user="sdi_kei"]I think Encryption required is set to BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM and No encryption required is BLE_GAP_CONN_SEC_MODE_SET_OPEN.[/quote]

Hi,

Encryption have different levels so it could be

BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM or

BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM

and yes no encryption means you need to set the permissions to open

BLE_GAP_CONN_SEC_MODE_SET_OPEN.

read and write access can be defined to the char properties like below

 add_char_params.read_access  = SEC_OPEN;
add_char_params.write_access = SEC_OPEN;

The following authentication permissions are possible:
• Authentication Required
• No Authentication Required

for the above you have

ble_add_char_params_t in components\softdevice\s112\headers\ble_gatt.h that you can set.

I suggest you to see one of the ble service implementation like

components\ble\ble_services\ble_nus\ble_nus.c:

ble_nus_init to get a closer look a the example to use these settings.

RE: Please tell me how to set permissions.

sdi_kei — Tue, 07 Dec 2021 00:08:17 GMT

Hello.

Do you see the question?
I would be grateful if the support engineer could answer if you like.

Best regards.

RE: Please tell me how to set permissions.

sdi_kei — Mon, 29 Nov 2021 02:53:05 GMT

Hello.

I think Encryption required is set to BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM and No encryption required is BLE_GAP_CONN_SEC_MODE_SET_OPEN.

Can you tell me what else applies?

Best regards.

RE: Please tell me how to set permissions.

fhfs — Fri, 26 Nov 2021 16:01:59 GMT

Have a look at ble_gap.h from the nrf5 SDK.

/**@defgroup BLE_GAP_CONN_SEC_MODE_SET_MACROS GAP attribute security requirement setters
 *
 * See @ref ble_gap_conn_sec_mode_t.
 * @{ */
/**@brief Set sec_mode pointed to by ptr to have no access rights.*/
#define BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(ptr)          do {(ptr)->sm = 0; (ptr)->lv = 0;} while(0)
/**@brief Set sec_mode pointed to by ptr to require no protection, open link.*/
#define BLE_GAP_CONN_SEC_MODE_SET_OPEN(ptr)               do {(ptr)->sm = 1; (ptr)->lv = 1;} while(0)
/**@brief Set sec_mode pointed to by ptr to require encryption, but no MITM protection.*/
#define BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(ptr)        do {(ptr)->sm = 1; (ptr)->lv = 2;} while(0)
/**@brief Set sec_mode pointed to by ptr to require encryption and MITM protection.*/
#define BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(ptr)      do {(ptr)->sm = 1; (ptr)->lv = 3;} while(0)
/**@brief Set sec_mode pointed to by ptr to require LESC encryption and MITM protection.*/
#define BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM(ptr) do {(ptr)->sm = 1; (ptr)->lv = 4;} while(0)
/**@brief Set sec_mode pointed to by ptr to require signing or encryption, no MITM protection needed.*/
#define BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(ptr)     do {(ptr)->sm = 2; (ptr)->lv = 1;} while(0)
/**@brief Set sec_mode pointed to by ptr to require signing or encryption with MITM protection.*/
#define BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(ptr)   do {(ptr)->sm = 2; (ptr)->lv = 2;} while(0)
/**@} */

For example you can set the write permissions to LESC with MITM when initializing your characteristic:

    ble_gatts_attr_md_t cccd_md;
    BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM(&cccd_md.write_perm);