#ockam #crypto #network #bluetooth #ble

no-std ockam_transport_ble

Bluetooth Low Energy (BLE) Transport for the Ockam Routing Protocol

30 breaking releases

0.37.0 Mar 3, 2023
0.35.0 Feb 10, 2023
0.31.0 Sep 21, 2022
0.22.0 Jul 18, 2022
0.5.0 Mar 28, 2022

#71 in Cryptography

Download history 1/week @ 2022-11-23 1/week @ 2022-11-30 1/week @ 2022-12-07 26/week @ 2022-12-14 1/week @ 2022-12-21 1/week @ 2023-01-04 5/week @ 2023-01-11 24/week @ 2023-01-18 13/week @ 2023-01-25 85/week @ 2023-02-01 201/week @ 2023-02-08 155/week @ 2023-02-15 19/week @ 2023-02-22 23/week @ 2023-03-01 2/week @ 2023-03-08

199 downloads per month


10K SLoC



cargo build --example 04-routing-over-ble-transport-initiator

cargo run --example 04-routing-over-ble-transport-initiator

cargo run --example 05-secure-channel-over-ble-transport-initiator

Transport Model

All Bluetooth Low Energy (BLE) devices use the Generic Attribute Profile (GATT).

BLE transports will typically be based around GATT concepts and feature the following terminology:


The device initiating GATT commands and requests. For example, a computer or other device managing and collecting data from many embedded BLE devices.


The device which receives GATT commands and requests. For example, a small micro-controller collecting sensor data for transmission to a Client device.

This can be confusing as we are used to the Client being the small device and the Server being the big one!


A data value transferred between client and server, for example, an Ockam packet containing a sensor reading.


A collection of related characteristics, which operate together to perform a particular function. For instance, the Ockam UART (Universal Asynchronous Receiver/Transmitter) service contains the characteristics required to implement the receive and transmit channels.


A descriptor provides additional information about a characteristic. Descriptors are optional and each characteristic can have any number of descriptors.


Services, characteristics, and descriptors are collectively referred to as attributes and are identified by UUIDs.

Any implementer may pick a random or pseudorandom UUID for proprietary uses, but the Bluetooth SIG have reserved a range of UUIDs (xxxxxxxx-0000-1000-8000-00805F9B34FB) for standard attributes.

InteroperaBLE identifier structure

              ^    ^-------------------- Upper bits must be 10_b to represent GUID Variant 1 (i.e. 8, 9, a or b)
              |------------------------- Must be 4 to represent Version 4 - rest are random

Ockam Identifiers

Ockam Identifiers are in the range:


https://stackoverflow.com/questions/10867405/generating-v5-uuid-what-is-name-and-namespace https://www.uuidtools.com/generate/v5 https://www.uuidtools.com/decode

Assigned Identifiers

UART Service Identifier


UART Transmit Characteristic Identifier


UART Receive Characteristic Identifier


Mandatory identifier


ockam -> 0ca?

Setup notes



apt-get install libdbus-1-dev libssl-dev

dbus permissions

Edit /etc/dbus-1/system.d/bluetooth.conf:

<policy user="antoine">
  <allow send_destination="org.bluez"/>
  <allow send_interface="org.bluez.Agent1"/>
  <allow send_interface="org.bluez.GattCharacteristic1"/>
  <allow send_interface="org.bluez.GattDescriptor1"/>
  <allow send_interface="org.freedesktop.DBus.ObjectManager"/>
  <allow send_interface="org.freedesktop.DBus.Properties"/>


To use Bluetooth on macOS Big Sur (11) or later, you need to either package your binary into an application bundle with an Info.plist including NSBluetoothAlwaysUsageDescription, or (for a command-line application such as the examples included with btleplug) enable the Bluetooth permission for your terminal.

You can do the latter by going to:

System Preferences → Security & Privacy → Privacy → Bluetooth

... clicking the '+' button, and selecting 'Terminal' (or iTerm or whichever terminal application you use).

Update: There is currently a bug in macOS Monterey that prevents Bluetooth Discovery for unsigned apps (even if you have given permissions to them)

To fix:

Keychain Access => System Menu => Certificate Assistant => Create a Certificate...

    Name:             Self Signed Root
    Identity Type:    Self Signed Root
    Certificate Type: Code Signing

codesign -f -o runtime --timestamp -s "Self Signed Root" target/debug/examples/04-routing-over-ble-transport-initiator
codesign --entitlements Entitlements.plist -f -o runtime --timestamp -s "Self Signed Root" 04-routing-over-ble-transport-initiator
codesign --entitlements Entitlements.plist -f -o runtime --timestamp -s "Apple Development: Antoine van Gelder (R972JJ8RXX)" 04-routing-over-ble-transport-initiator
codesign -f -o runtime --timestamp -s "Developer ID Application: Antoine van Gelder (HLUFY5JD2L)" 04-routing-over-ble-transport-initiator

codesign --entitlements Entitlements.plist -f -s "Apple Distribution" 04-routing-over-ble-transport-initiator


~1.5M SLoC