From 0712f606f13dd3c48ad485f1c784c26f419af70e Mon Sep 17 00:00:00 2001 From: h2zero <32826625+h2zero@users.noreply.github.com> Date: Sun, 21 Jun 2020 20:26:16 -0600 Subject: [PATCH] Don't send notifications to un-paired peers when READ_ENC set (#14) * start security when peer subscribes to secured characteristic * Don't send notifications to non-secure clients --- src/NimBLECharacteristic.cpp | 15 +++++++++++++-- src/NimBLECharacteristic.h | 2 +- src/NimBLEServer.cpp | 17 ++++++++++++++--- 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/src/NimBLECharacteristic.cpp b/src/NimBLECharacteristic.cpp index bf93b8e..a51c3f1 100644 --- a/src/NimBLECharacteristic.cpp +++ b/src/NimBLECharacteristic.cpp @@ -137,7 +137,7 @@ uint16_t NimBLECharacteristic::getHandle() { } // getHandle -uint8_t NimBLECharacteristic::getProperties() { +uint16_t NimBLECharacteristic::getProperties() { return m_properties; } // getProperties @@ -346,6 +346,9 @@ void NimBLECharacteristic::notify(bool is_notification) { std::string value = getValue(); size_t length = value.length(); + bool reqSec = (m_properties & BLE_GATT_CHR_F_READ_AUTHEN) || + (m_properties & BLE_GATT_CHR_F_READ_AUTHOR) || + (m_properties & BLE_GATT_CHR_F_READ_ENC); int rc = 0; for (auto &it : p2902->m_subscribedVec) { @@ -353,10 +356,18 @@ void NimBLECharacteristic::notify(bool is_notification) { // check if connected and subscribed if(_mtu == 0 || it.sub_val == 0) { - //NIMBLE_LOGD(LOG_TAG, "peer not connected"); continue; } + // check if security requirements are satisfied + if(reqSec) { + struct ble_gap_conn_desc desc; + rc = ble_gap_conn_find(it.conn_id, &desc); + if(rc != 0 || !desc.sec_state.encrypted) { + continue; + } + } + if (length > _mtu - 3) { NIMBLE_LOGW(LOG_TAG, "- Truncating to %d bytes (maximum notify size)", _mtu - 3); } diff --git a/src/NimBLECharacteristic.h b/src/NimBLECharacteristic.h index 1624f9a..4d418d3 100644 --- a/src/NimBLECharacteristic.h +++ b/src/NimBLECharacteristic.h @@ -107,7 +107,7 @@ private: ~NimBLECharacteristic(); NimBLEService* getService(); - uint8_t getProperties(); + uint16_t getProperties(); void setSubscribe(struct ble_gap_event *event); static int handleGapEvent(uint16_t conn_handle, uint16_t attr_handle, struct ble_gatt_access_ctxt *ctxt, void *arg); diff --git a/src/NimBLEServer.cpp b/src/NimBLEServer.cpp index d1d1fa9..376b021 100644 --- a/src/NimBLEServer.cpp +++ b/src/NimBLEServer.cpp @@ -181,8 +181,8 @@ int NimBLEServer::disconnect(uint16_t connId, uint8_t reason) { NimBLEUtils::returnCodeToString(rc)); } - return rc; NIMBLE_LOGD(LOG_TAG, "<< disconnect()"); + return rc; } // disconnect @@ -230,7 +230,6 @@ size_t NimBLEServer::getConnectedCount() { else { server->m_connectedPeersVec.push_back(event->connect.conn_handle); - ble_gap_conn_desc desc; rc = ble_gap_conn_find(event->connect.conn_handle, &desc); assert(rc == 0); @@ -276,6 +275,18 @@ size_t NimBLEServer::getConnectedCount() { for(auto &it : server->m_notifyChrVec) { if(it->getHandle() == event->subscribe.attr_handle) { + if((it->getProperties() & BLE_GATT_CHR_F_READ_AUTHEN) || + (it->getProperties() & BLE_GATT_CHR_F_READ_AUTHOR) || + (it->getProperties() & BLE_GATT_CHR_F_READ_ENC)) + { + rc = ble_gap_conn_find(event->subscribe.conn_handle, &desc); + assert(rc == 0); + + if(!desc.sec_state.encrypted) { + NimBLEDevice::startSecurity(event->subscribe.conn_handle); + } + } + it->setSubscribe(event); break; } @@ -330,7 +341,7 @@ size_t NimBLEServer::getConnectedCount() { } // BLE_GAP_EVENT_REPEAT_PAIRING case BLE_GAP_EVENT_ENC_CHANGE: { - rc = ble_gap_conn_find(event->conn_update.conn_handle, &desc); + rc = ble_gap_conn_find(event->enc_change.conn_handle, &desc); if(rc != 0) { return BLE_ATT_ERR_INVALID_HANDLE; }