nRF52: If passkey or oob is set in setSecurity, ensure that the UART …

…connection requires encryption (fix #1705)

ChangeLog

@@ -33,6 +33,7 @@
             dump() is now aware of pretokenised code (fix #1821)
             Merge jsvStringIteratorGetChar + jsvStringIteratorNext into jsvStringIteratorGetCharAndNext (fix #1816)
             Fix 2v05 regression that stopped process.uncaughtException from working (had been moved to E.uncaughtException)
+            nRF52: If passkey or oob is set in setSecurity, ensure that the UART connection requires encryption (fix #1705)
 
      2v05 : Add Array.includes
             Fix (Number.toFixed) rounding, eg (1234.505).toFixed(2)

libs/bluetooth/bluetooth.h

@@ -95,12 +95,12 @@ typedef enum  {
   BLE_IS_NOT_CONNECTABLE = 2048, //< Is the device connectable?
   BLE_IS_NOT_SCANNABLE = 4096, //< Is the device scannable? eg, scan response
   BLE_WHITELIST_ON_BOND = 8192,  //< Should we write to the whitelist whenever we bond to a device?
-
   BLE_DISABLE_DYNAMIC_INTERVAL = 16384, //< Disable automatically changing interval based on BLE peripheral activity
+  BLE_ENCRYPT_UART = 32768,  //< Has security with encryption been requested (if so UART must require it)
 
-  BLE_IS_ADVERTISING_MULTIPLE = 32768, // We have multiple different advertising packets
-  BLE_ADVERTISING_MULTIPLE_ONE = 65536,
-  BLE_ADVERTISING_MULTIPLE_SHIFT = 16,//GET_BIT_NUMBER(BLE_ADVERTISING_MULTIPLE_ONE),
+  BLE_IS_ADVERTISING_MULTIPLE = 65536, // We have multiple different advertising packets
+  BLE_ADVERTISING_MULTIPLE_ONE = 131072,
+  BLE_ADVERTISING_MULTIPLE_SHIFT = 17,//GET_BIT_NUMBER(BLE_ADVERTISING_MULTIPLE_ONE),
   BLE_ADVERTISING_MULTIPLE_MASK = 255 << BLE_ADVERTISING_MULTIPLE_SHIFT,
 
   /// These are flags that should be reset when the softdevice starts up

libs/bluetooth/jswrap_bluetooth.c

@@ -2799,13 +2799,19 @@ NRF.setServices({
   }
 });
 ```
+
+**Note:** If `passkey` or `oob` is specified, the Nordic UART service (if enabled)
+will automatically be set to require encryption, but otherwise it is open.
 */
 void jswrap_ble_setSecurity(JsVar *options) {
   if (!jsvIsObject(options) && !jsvIsUndefined(options))
     jsExceptionHere(JSET_TYPEERROR, "Expecting an object or undefined, got %t", options);
   else {
     jsvObjectSetOrRemoveChild(execInfo.hiddenRoot, BLE_NAME_SECURITY, options);
     jsble_update_security();
+    // If we need UART to be encrypted, we need to trigger a restart
+    if (bleStatus & BLE_NEEDS_SOFTDEVICE_RESTART)
+      jswrap_ble_restart();
   }
 }
 

targetlibs/nrf5x_12/components/ble/ble_services/ble_nus/ble_nus.c

@@ -149,8 +149,13 @@ static uint32_t rx_char_add(ble_nus_t * p_nus, const ble_nus_init_t * p_nus_init
 
     memset(&attr_md, 0, sizeof(attr_md));
 
-    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
-    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
+    if (p_nus_init->encrypt) {
+      BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.read_perm);
+      BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.write_perm);
+    } else {
+      BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
+      BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
+    }
 
     attr_md.vloc    = BLE_GATTS_VLOC_STACK;
     attr_md.rd_auth = 0;
@@ -202,8 +207,13 @@ static uint32_t tx_char_add(ble_nus_t * p_nus, const ble_nus_init_t * p_nus_init
 
     memset(&attr_md, 0, sizeof(attr_md));
 
-    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
-    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
+    if (p_nus_init->encrypt) {
+      BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.read_perm);
+      BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.write_perm);
+    } else {
+      BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
+      BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
+    }
 
     attr_md.vloc    = BLE_GATTS_VLOC_STACK;
     attr_md.rd_auth = 0;

targetlibs/nrf5x_12/components/ble/ble_services/ble_nus/ble_nus.h

@@ -87,6 +87,7 @@ typedef void (*ble_nus_data_handler_t) (ble_nus_t * p_nus, uint8_t * p_data, uin
 typedef struct
 {
     ble_nus_data_handler_t data_handler; /**< Event handler to be called for handling received data. */
+    bool encrypt; //< GW added - require encryption
 } ble_nus_init_t;
 
 /**@brief Nordic UART Service structure.

targetlibs/nrf5x_15/patches/0010-BLE-encrypt-NUS.patch

@@ -0,0 +1,42 @@
+--- targetlibs/nrf5x_15/components/ble/ble_services/ble_nus/ble_nus.c	2018-03-22 15:25:08.000000000 +0000
++++ targetlibs/nrf5x_15/components/ble/ble_services/ble_nus/ble_nus.c	2020-05-13 10:28:38.926572968 +0100
+@@ -252,8 +257,13 @@
+
+     memset(&attr_md, 0, sizeof(attr_md));
+
+-    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
+-    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
++    if (p_nus_init->encrypt) {
++      BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.read_perm);
++      BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.write_perm);
++    } else {
++      BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
++      BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
++    }
+
+     attr_md.vloc    = BLE_GATTS_VLOC_STACK;
+     attr_md.rd_auth = 0;
+@@ -305,8 +315,13 @@
+
+     memset(&attr_md, 0, sizeof(attr_md));
+
+-    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
+-    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
++    if (p_nus_init->encrypt) {
++      BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.read_perm);
++      BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.write_perm);
++    } else {
++      BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
++      BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
++    }
+
+     attr_md.vloc    = BLE_GATTS_VLOC_STACK;
+     attr_md.rd_auth = 0;
+--- targetlibs/nrf5x_15/components/ble/ble_services/ble_nus/ble_nus.h	2018-03-22 15:25:08.000000000 +0000
++++ targetlibs/nrf5x_15/components/ble/ble_services/ble_nus/ble_nus.h	2020-05-13 10:26:53.632988548 +0100
+@@ -173,6 +173,7 @@
+ typedef struct
+ {
+     ble_nus_data_handler_t data_handler; /**< Event handler to be called for handling received data. */
++    bool encrypt; //< GW added - require encryption
+ } ble_nus_init_t;

targets/nrf5x/bluetooth.c

@@ -1909,11 +1909,13 @@ static ble_gap_sec_params_t get_gap_sec_params() {
 
 void jsble_update_security() {
 #if PEER_MANAGER_ENABLED
+  bool encryptUart = false;
   ble_gap_sec_params_t sec_param = get_gap_sec_params();
+  // encrypt UART for out of band pairing
+  if (sec_param.oob) encryptUart = true;
 
   uint32_t err_code = pm_sec_params_set(&sec_param);
   jsble_check_error(err_code);
-#endif
 
   JsVar *options = jsvObjectGetChild(execInfo.hiddenRoot, BLE_NAME_SECURITY, 0);
   if (jsvIsObject(options)) {
@@ -1925,10 +1927,23 @@ void jsble_update_security() {
     jsvUnLock(v);
     //jsiConsolePrintf("PASSKEY %d %d %d %d %d %d\n",passkey[0],passkey[1],passkey[2],passkey[3],passkey[4],passkey[5]);
     ble_opt_t pin_option;
-    pin_option.gap_opt.passkey.p_passkey = passkey[0] ? passkey : NULL;
+    pin_option.gap_opt.passkey.p_passkey = NULL;
+    if (passkey[0]) {
+      pin_option.gap_opt.passkey.p_passkey = passkey;
+      encryptUart = true;
+    }
     uint32_t err_code =  sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &pin_option);
     jsble_check_error(err_code);
   }
+  // If UART encryption status changed, we need to update flags and restart Bluetooth
+  if ((bleStatus&BLE_ENCRYPT_UART) != encryptUart) {
+    if (encryptUart) bleStatus |= BLE_ENCRYPT_UART;
+    else bleStatus &= ~BLE_ENCRYPT_UART;
+    // But only restart if the UART was enabled
+    if (bleStatus & BLE_NUS_INITED)
+      bleStatus |= BLE_NEEDS_SOFTDEVICE_RESTART;
+  }
+#endif
 }
 
 #if PEER_MANAGER_ENABLED
@@ -2140,6 +2155,14 @@ static void services_init() {
       ble_nus_init_t nus_init;
       memset(&nus_init, 0, sizeof(nus_init));
       nus_init.data_handler = nus_data_handler;
+#if (NRF_SD_BLE_API_VERSION==3) || (NRF_SD_BLE_API_VERSION==6)
+      if (bleStatus & BLE_ENCRYPT_UART)
+        nus_init.encrypt = true;
+#else
+#if PEER_MANAGER_ENABLED
+#warning "No security on Nordic UART for this softdevice"
+#endif
+#endif
       err_code = ble_nus_init(&m_nus, &nus_init);
       APP_ERROR_CHECK(err_code);
       bleStatus |= BLE_NUS_INITED;