[PW_SID:555789] Optionally require security for notify/indicate #1017

Closed

BluezTestBot

In some cases, it is desirable to require encryption and/or
authentication for server-initiated updates, as they may contain
sensitive data.

Currently, there is no way to do this with BlueZ.

Here is a query about this feature from 2019:
https://stackoverflow.com/questions/55884233

This patch implements this feature by introducing new x-notify and
x-indicate flags that allow a user to restrict access to a
characteristic's CCCD (as well as documentation for those flags).

Note that x-notify and x-indicate each enforce security for ALL
server-initiated updates. That is, you cannot require one level of
security for notifications and another security level for indications on
the same CCCD. I could not think of a reason why somebody would want
that feature, and did not think the accuracy of terms would be worth the
introduced complexity, so I didn't implement it.

Allow a GATT server to impose permissions/restrictions on a CCC by
setting additional `X-notify` and `X-indicate` permissions on its
associated characteristic.

This allows a developer to require encryption/authentication in order
for a GATT client to subscribe to server-initiated updates.

Test procedure:
- Attempt to read/write with a "low" security level on an unprotected CCC
  using gatttool, and succeed
- Attempt to READ with a "low" security level on a protected CCC
  using gatttool, and succeed
- Attempt to WRITE with a "low" security level on a protected CCC
  using gatttool, and fail
- Attempt to read/write while paired on a protected CCC using
  `bluetoothctl`, and succeed
Update docs to reflect the addition of the `X-notify` and `X-indicate`
permissions, which allow a GATT server to restrict CCC write permissions
via permissions set on its associated characteristic.
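
The access rule exercised by the test procedure above, as an added sketch that is not code from this pull request or from BlueZ: CCC reads are always allowed, while the CCC write that subscribes a client is refused until the link meets the requirement. The type and function names are hypothetical, "paired" is modelled as an encrypted link, and the choice of ATT error returned is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* ATT error codes (Bluetooth Core Specification values). */
#define ATT_OK                  0x00
#define ATT_ERR_INSUFF_AUTHEN   0x05
#define ATT_ERR_INSUFF_ENCRYPT  0x0f
/* Hypothetical names for this sketch, not BlueZ identifiers. */
enum link_sec { SEC_LOW = 1, SEC_MEDIUM, SEC_HIGH }; /* none / encrypted / authenticated */
enum ccc_req { REQ_NONE = 0, REQ_ENCRYPT = 1, REQ_AUTHEN = 2 };
struct ccc {
	unsigned int req;   /* requirement inherited from the characteristic */
	uint16_t value;     /* bit 0: notifications, bit 1: indications */
};
/* Reads are never gated; only the write that subscribes is. */
uint8_t ccc_read(const struct ccc *c, enum link_sec sec, uint16_t *out)
{
	(void)sec;
	*out = c->value;
	return ATT_OK;
}

/* Refuse the subscription unless the link meets the requirement. */
uint8_t ccc_write(struct ccc *c, enum link_sec sec, uint16_t value)
{
	if ((c->req & REQ_ENCRYPT) && sec < SEC_MEDIUM)
		return ATT_ERR_INSUFF_ENCRYPT;
	if ((c->req & REQ_AUTHEN) && sec < SEC_HIGH)
		return ATT_ERR_INSUFF_AUTHEN;
	c->value = value;
	return ATT_OK;
}

/* The server only pushes updates to a client whose CCC write was accepted. */
bool ccc_will_notify(const struct ccc *c)
{
	return c->value & 0x0001;
}

int main(void)
{
	struct ccc plain = { REQ_NONE, 0 }, prot = { REQ_ENCRYPT, 0 };
	uint16_t v;
	printf("unprotected, low, write: 0x%02x\n", ccc_write(&plain, SEC_LOW, 1));
	printf("protected, low, read:    0x%02x\n", ccc_read(&prot, SEC_LOW, &v));
	printf("protected, low, write:   0x%02x\n", ccc_write(&prot, SEC_LOW, 1));
	printf("protected, paired write: 0x%02x\n", ccc_write(&prot, SEC_MEDIUM, 1));
	return 0;
}
```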
@BluezTestBot

CheckPatch
Test ID: checkpatch
Desc: Run checkpatch.pl script with rule in .checkpatch.conf
Duration: 2.76 seconds
Result: PASS

@BluezTestBot

GitLint
Test ID: gitlint
Desc: Run gitlint with rule in .gitlint
Duration: 1.84 seconds
Result: PASS

@BluezTestBot BluezTestBot deleted the 555789 branch October 1, 2021 15:26