Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PW_SID:555113] Optionally require security for notify/indicate #1014

Closed
wants to merge 2 commits into from
Closed

[PW_SID:555113] Optionally require security for notify/indicate #1014

wants to merge 2 commits into from

Conversation

BluezTestBot
Copy link
Owner

In some cases, it is desirable to require encryption and/or
authentication for server-initiated updates, as they may contain
sensitive data.

Currently, there is no way to do this with BlueZ.

Here is a query about this feature from 2019:
https://stackoverflow.com/questions/55884233

This patch implements this feature by introducing new x-asynchronous
flags that allow a user to restrict access to a characteristic's CCCD
(as well as documentation for those flags).

Dagan Martinez (2):
gatt: allow GATT server to dicate CCC permissions
doc/gatt-api: Add 'X-asynchronous` permissions

doc/gatt-api.txt | 11 ++++++++++-

@Property404 @BluezTestBot
gatt: allow GATT server to dicate CCC permissions
b44348c 
Allow a GATT server to impose permissions/restrictions on a CCC by
setting additional `X-asynchronous` permissions on its associated
characteristic.

This allows a developer to require encryption/authentication in order
for a GATT client to subscribe to server-initiated updates.

Test procedure:
Attempt to read/write with a "low" security level on an unprotected CCC
using gatttool, and succeed
Attempt to READ with a "low" security level on an protected CCC
using gatttool, and succeed
Attempt to WRITE with a "low" security level on an protected CCC
using gatttool, and fail
Attempt to read/write while paired on a protected CCC using
`bluetoothctl`, and succeed
@Property404 @BluezTestBot
doc/gatt-api: Add 'X-asynchronous` permissions
a2dcb88 
Update docs to reflect the addition of `X-asynchronous` permissions,
which allow a GATT server to restrict CCC write permissions via
permissions set on its associated characteristic.
@BluezTestBot
Copy link
Owner Author

CheckPatch
Test ID: checkpatch
Desc: Run checkpatch.pl script with rule in .checkpatch.conf
Duration: 0.88 seconds
Result: FAIL

Output:

[BlueZ,1/2] gatt: allow GATT server to dicate CCC permissions
WARNING:LONG_LINE: line length of 81 exceeds 80 columns
#144: FILE: src/gatt-database.c:1229:
+									0, NULL);

WARNING:LONG_LINE: line length of 81 exceeds 80 columns
#154: FILE: src/gatt-database.c:1694:
+		} else if (!strcmp("encrypt-authenticated-asynchronous", flag)) {

WARNING:LONG_LINE: line length of 86 exceeds 80 columns
#166: FILE: src/gatt-database.c:2797:
+						ccc_write_cb, chrc, chrc->perm, NULL);

/github/workspace/src/12526275.patch total: 0 errors, 3 warnings, 70 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/12526275.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

@BluezTestBot
Copy link
Owner Author

GitLint
Test ID: gitlint
Desc: Run gitlint with rule in .gitlint
Duration: 0.59 seconds
Result: PASS

@BluezTestBot
Copy link
Owner Author

Prep - Setup ELL
Test ID: setupell
Desc: Clone, build, and install ELL
Duration: 44.86 seconds
Result: PASS

@BluezTestBot
Copy link
Owner Author

Build - Prep
Test ID: buildprep
Desc: Prepare environment for build
Duration: 0.18 seconds
Result: PASS

@BluezTestBot
Copy link
Owner Author

Build - Configure
Test ID: build
Desc: Configure the BlueZ source tree
Duration: 7.90 seconds
Result: PASS

@BluezTestBot
Copy link
Owner Author

Build - Make
Test ID: buildmake
Desc: Build the BlueZ source tree
Duration: 161.42 seconds
Result: FAIL

Output:

src/gatt-database.c: In function ‘service_add_ccc’:
src/gatt-database.c:1060:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
 1060 |  uint32_t permissions = BT_ATT_PERM_READ | BT_ATT_PERM_WRITE;
      |  ^~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:9212: src/bluetoothd-gatt-database.o] Error 1
make: *** [Makefile:4151: all] Error 2

@BluezTestBot
Copy link
Owner Author

Make Check
Test ID: makecheck
Desc: Run 'make check'
Duration: 1.37 seconds
Result: FAIL

Output:

src/gatt-database.c: In function ‘service_add_ccc’:
src/gatt-database.c:1060:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
 1060 |  uint32_t permissions = BT_ATT_PERM_READ | BT_ATT_PERM_WRITE;
      |  ^~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:9212: src/bluetoothd-gatt-database.o] Error 1
make: *** [Makefile:10443: check] Error 2

@BluezTestBot
Copy link
Owner Author

Make Distcheck
Test ID: makedistcheck
Desc: Run distcheck to check the distribution
Duration: 223.29 seconds
Result: PASS

@BluezTestBot
Copy link
Owner Author

Build w/ext ELL - Configure
Test ID: build_extell
Desc: Configure BlueZ source with '--enable-external-ell' configuration
Duration: 7.79 seconds
Result: PASS

@BluezTestBot
Copy link
Owner Author

Build w/ext ELL - Make
Test ID: build_extell_make
Desc: Build BlueZ source with '--enable-external-ell' configuration
Duration: 143.08 seconds
Result: FAIL

Output:

src/gatt-database.c: In function ‘service_add_ccc’:
src/gatt-database.c:1060:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
 1060 |  uint32_t permissions = BT_ATT_PERM_READ | BT_ATT_PERM_WRITE;
      |  ^~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:9212: src/bluetoothd-gatt-database.o] Error 1
make: *** [Makefile:4151: all] Error 2

@BluezTestBot BluezTestBot deleted the 555113 branch September 29, 2021 19:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BluezTestBot @Property404