-
• #2
Not at the moment - nobody has requested it so far.
There's getSecurityStatus when operating as a Central: http://www.espruino.com/Reference#l_BluetoothRemoteGATTServer_getSecurityStatus
You effectively want something similar for Peripheral so you could detect if there was no security and close the connection/ignore commands?
-
• #3
Hi @Gordon, yes as a peripheral. No on detection; I want to set up the security modes supported by Nordic to require the various security modes at the GAP layer.
For this specific application, I'd like to mandate LESC with Just Works (since I'm not worried about MITM protection in this application). If I end up coding this in C, I'll start from the Nordic example code in "LE Secure Connections Multirole Example".
I'm not sure whether this is covered in Web Bluetooth, but I'd think you'd want to be able to set the Security Mode and Level as parameters when setting up, perhaps in setting up advertising?
Let me know if the above makes sense. Happy to chat more about it; I've been getting involved in Cybersecurity in my consulting practice and need to be able to practice what I preach!
New aphorism I saw: "The S in IoT stands for Security".
Thanks! Bill
-
• #4
Honestly, this is going to end up being pretty low priority for me until more people want it or it's actually required for a big order. However it doesn't mean you can't get it done.
The majority of the code for connection handling in Espruino is here: https://github.com/espruino/Espruino/blob/master/targets/nrf5x/bluetooth.c
It's just like a massive version of an nRF example - If you search for "mitm" and compare code sections you'll probably find the bits you need. Maybe try building your own version of Espruino with those changes and see if you can get it to do what you want. Even if you don't feel up to creating a pull request with the full code that allows it to be turned on and off, I could add that bit of the code once I know what code changes you had to make to make it do what you want.
-
• #5
Thanks @gordon! I understand the aphorism is more truth than humor.
Thanks for the pointers to the code; it does indeed look like I might be able to make a version to implement the security I want as default behavior. I'll give it a try and let you know if I'm successful. It is worth trying to use Espruino to have flexibility.
I'm using the NRF52832 dev board version and running it on an Adafruit board for a small project for a local theater. We don't want some smart patron to grab the peripheral with their phone.
Thanks again -- Bill
@Gordon Any support in the works for LE security modes control as a peripheral?