bluetooth: services: nus: update security configuration

eivindj-nordic · eivindj-nordic · commit a1a64c7fa89e · 2025-11-12T13:34:19.000+01:00
Update security configuration for NUS service.

Signed-off-by: Eivind Jølsgard &lt;eivind.jolsgard@nordicsemi.no&gt;
diff --git a/doc/nrf-bm/release_notes/release_notes_changelog.rst b/doc/nrf-bm/release_notes/release_notes_changelog.rst
@@ -144,6 +144,7 @@ BLE Services
   * :ref:`lib_ble_service_hrs` service.
   * :ref:`lib_ble_service_lbs` service.
   * :ref:`lib_ble_service_mcumgr` service.
+  * :ref:`lib_ble_service_nus` service.
 
 * :ref:`lib_ble_service_nus` service:
 
diff --git a/include/bm/bluetooth/services/ble_nus.h b/include/bm/bluetooth/services/ble_nus.h
@@ -17,6 +17,7 @@
 #include <stdint.h>
 #include <stdbool.h>
 #include <ble.h>
+#include <bm/bluetooth/services/common.h>
 #include <bm/softdevice_handler/nrf_sdh_ble.h>
 
 #ifdef __cplusplus
@@ -50,6 +51,19 @@ void ble_nus_on_ble_evt(ble_evt_t const *ble_evt, void *context);
 			     &_name,                                                               \
 			     0)
 
+/** @brief Default security configuration. */
+#define BLE_NUS_CONFIG_SEC_MODE_DEFAULT                                                            \
+	{                                                                                          \
+		.nus_rx_char = {                                                                   \
+			.read = BLE_GAP_CONN_SEC_MODE_OPEN,                                        \
+			.write = BLE_GAP_CONN_SEC_MODE_OPEN,                                       \
+		},                                                                                 \
+		.nus_tx_char = {                                                                   \
+			.read = BLE_GAP_CONN_SEC_MODE_OPEN,                                        \
+			.cccd_write = BLE_GAP_CONN_SEC_MODE_OPEN,                                  \
+		},                                                                                 \
+	}
+
 #define OPCODE_LENGTH 1
 #define HANDLE_LENGTH 2
 
@@ -132,6 +146,23 @@ typedef void (*ble_nus_evt_handler_t) (const struct ble_nus_evt *evt);
 struct ble_nus_config {
 	/** Event handler to be called for handling received data. */
 	ble_nus_evt_handler_t evt_handler;
+	/** Security configuration. */
+	struct {
+		/** NUS Service RX characteristic */
+		struct {
+			/** Security requirement for reading NUS rx characteristic value. */
+			ble_gap_conn_sec_mode_t read;
+			/** Security requirement for writing NUS rx characteristic value. */
+			ble_gap_conn_sec_mode_t write;
+		} nus_rx_char;
+		/** NUS Service TX characteristic */
+		struct {
+			/** Security requirement for reading NUS TX characteristic value. */
+			ble_gap_conn_sec_mode_t read;
+			/** Security requirement for writing NUS TX characteristic CCCD. */
+			ble_gap_conn_sec_mode_t cccd_write;
+		} nus_tx_char;
+	} sec_mode;
 };
 
 /**
diff --git a/samples/bluetooth/ble_nus/src/main.c b/samples/bluetooth/ble_nus/src/main.c
@@ -453,6 +453,7 @@ int main(void)
 
 	struct ble_nus_config nus_cfg = {
 		.evt_handler = ble_nus_evt_handler,
+		.sec_mode = BLE_NUS_CONFIG_SEC_MODE_DEFAULT,
 	};
 	struct ble_qwr_config qwr_config = {
 		.evt_handler = ble_qwr_evt_handler,
diff --git a/subsys/bluetooth/services/ble_nus/nus.c b/subsys/bluetooth/services/ble_nus/nus.c
@@ -38,6 +38,8 @@ static uint32_t nus_rx_char_add(struct ble_nus *nus, struct ble_nus_config const
 	ble_gatts_attr_md_t attr_md = {
 		.vloc = BLE_GATTS_VLOC_STACK,
 		.vlen = true,
+		.read_perm = cfg->sec_mode.nus_rx_char.read,
+		.write_perm = cfg->sec_mode.nus_rx_char.write,
 	};
 	ble_gatts_attr_t attr_char_value = {
 		.p_uuid = &char_uuid,
@@ -47,9 +49,6 @@ static uint32_t nus_rx_char_add(struct ble_nus *nus, struct ble_nus_config const
 		.max_len = BLE_NUS_MAX_DATA_LEN,
 	};
 
-	BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
-	BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.write_perm);
-
 	/* Add Nordic UART RX characteristic declaration and value attributes. */
 	return sd_ble_gatts_characteristic_add(nus->service_handle, &char_md, &attr_char_value,
 					       &nus->rx_handles);
@@ -62,7 +61,9 @@ static uint32_t nus_tx_char_add(struct ble_nus *nus, struct ble_nus_config const
 		.uuid = BLE_UUID_NUS_TX_CHARACTERISTIC,
 	};
 	ble_gatts_attr_md_t cccd_md = {
-		.vloc = BLE_GATTS_VLOC_STACK
+		.vloc = BLE_GATTS_VLOC_STACK,
+		.read_perm = BLE_GAP_CONN_SEC_MODE_OPEN,
+		.write_perm = cfg->sec_mode.nus_tx_char.cccd_write,
 	};
 	ble_gatts_char_md_t char_md = {
 		.char_props = {
@@ -73,6 +74,7 @@ static uint32_t nus_tx_char_add(struct ble_nus *nus, struct ble_nus_config const
 	ble_gatts_attr_md_t attr_md = {
 		.vloc = BLE_GATTS_VLOC_STACK,
 		.vlen = true,
+		.read_perm = cfg->sec_mode.nus_tx_char.read,
 	};
 	ble_gatts_attr_t attr_char_value = {
 		.p_uuid = &char_uuid,
@@ -82,12 +84,6 @@ static uint32_t nus_tx_char_add(struct ble_nus *nus, struct ble_nus_config const
 		.max_len = BLE_NUS_MAX_DATA_LEN,
 	};
 
-	BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm);
-
-	/* Setup CCCD */
-	BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.read_perm);
-	BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.write_perm);
-
 	/* Add Nordic UART TX declaration, value and CCCD attributes */
 	return sd_ble_gatts_characteristic_add(nus->service_handle, &char_md, &attr_char_value,
 					       &nus->tx_handles);
