DA14531 Codeless with security

Hi Adams,

Thank you for posting your question online.
In order to activate the Security features for your Central you will have to define the CFG_BOND_CMD_SUPPORTED. In case you are not able to compile the project due to size issues please exclude the SUOTA feature so you can have more space.
Then try the following for your Peripheral:
AT+SEC=0
AT+PIN=123456
AT+BDADDR
The following for your Central:
AT+ADVSTOP

AT+CENTRAL

AT+SEC=0
AT+PIN=123456
AT+GAPSCAN
AT+GAPCONNECT=result from AT+BDADDR of peripheral

The devices will pair and connect. You can try to give a wrong PIN on your Central and you can see that it will not connect. 


On the left side is the Central and on the right side the peripheral.
As you can see on the Peripheral Side the Bonding Failed the first time because I had given a wrong PIN on the Central Side.
When I gave the same PIN on both Central and Peripheral I was able to pair them.

Kind Regards,
OV_Renesas

HI,

I found CFG_BOND_CMD_SUPPORTED in the da1458x_config_advanced.h file, but it is always off in Keil C and I cannot turn it on.

I have selected the correct model, is there anything else I need to set? 

Am I only turn off SOUTA in the user_modules_config.h?"

Hi Adams,

Please refer to Options for Target to see which are ARM Compiler you are using:


Please check below I have defined the CFG_BOND_CMD_SUPPORTED on the three Codeless Sets available for DA14531. So you can test the pairing procedure from your side.

Kind Regards,
OV_Renesas
CodeLess_HEX_Central_Sec.zip

Thank you for your assistance,

I enabled the definition of CFG_BOND_CMD_SUPPORTED on lines 480 and 519,

currently the test can proceed with bonding connection.

 Most features are disable in user_at_commands.h .

But, there are still many warnings generated about memory size.

Hi Adams,

Glad you were able to make it work.
The warnings are in case your project exceeds the 32Kb size. You code size is 29880 so there is not a problem.
Regarding the Keil showing your code grayed off, could you please share from Options for Target which ARM Compiler are you using? And which Keil edition are you working with?
If you found any answers helpful, you could verify them so you could help others in the community as well.

Kind Regards,
OV_Renesas

HI, 
The following is the version information I am using.

Another issue:

I first paired DA14531 Central with 14531 peripheral, and then both my phone and computer paired with the peripheral.

When I tried to connect the DA14531 Central with the peripheral again, both failed to connect. I need to run AT+CLRBNDE before the DA14531 Central can be paired with the peripheral again.

How many devices can DA14531 be paired with at most?

Can Codeless only limit one device to pair, or do I need to modify the source code by myself?

Hi Adams,

Regarding the Grayed out code:

Could you try to download the latest μVision V5.37 as well as ARM Compiler V6.18?
I believe this should fix your grayed out code problem.
Regarding the other issue:

I am a bit confused on what you did. You said:

Adams said:

I first paired DA14531 Central with 14531 peripheral, and then both my phone and computer paired with the peripheral.

How did you connect two central devices (DA14531 Central and Smartphone Central) to your DA14531 peripheral? Peripheral devices can connect only to 1 Central. Only the central devices can connect to more than 1 peripherals.
I connected two DA14531 with AT+SEC=0, AT+PIN=123456.
Then I disconnected them, and I connected to the DA14531 peripheral via the SmartConsole App. I gave the correct PIN and connection was successful.
Then I tried to connect from my DA14531 Central again and I was able to connect to the DA14531 peripheral.

Kind Regards,
OV_Renesas

HI, 

I'm sorry for not explaining very clearly.
I not mean two centrals connected to one peripheral at the same time.

step1 : DA14531 Central connect DA14531 peripheral with security .Then disconnect.

step2 : mobile phone Connect to DA14531 peripheral and give correct PIN. Then disconnect.
step3 :Laptop  Connect to DA14531 peripheral and give correct PIN . Then disconnect.

Finally go back to DA14531 Central connect DA14531 peripheral. --> Unable to connect successfully.

Hi Adams,

Thank you for clarifying.
You can find on app_bond_db.h file:

/// Max number of bonded peers
#ifndef USER_CFG_BOND_DB_MAX_BONDED_PEERS
    #if defined (__DA14531__) 
        #define APP_BOND_DB_MAX_BONDED_PEERS    (2)    
    #else 
        #define APP_BOND_DB_MAX_BONDED_PEERS    (5)
    #endif
#else
#define APP_BOND_DB_MAX_BONDED_PEERS    (USER_CFG_BOND_DB_MAX_BONDED_PEERS)
#endif // USER_CFG_BOND_DB_MAX_BONDED_PEERS

Hi, 
If DA14531 Central is bound to DA14531 Peripheral,
I hope that DA14531 Peripheral can only be bound to one device,
Other devices cannot be bound to Peripheral again.
It cannot be re-paired until the Peripheral executes the AT+CLRBNDE command.
How to implement this function?

Hi Adams,

From my understanding you want the DA14531 Peripheral to be able to pair with only one device? If I am mistaken, please correct me. If you want share more details on what you want to implement.
From the APP_BOND_DB_MAX_BONDED_PEERS macro I shared on my previous answer you can set the number to 1.
However, if another central knows your PIN it will be able to pair as well.

Kind Regards,
OV_Renesas

HI,

I already modified APP_BOND_DB_MAX_BONDED_PEERS macro number to 1. 

1. The current project DA14531MOD peripheral will be integrated with my company's product, DA14531MOD Central will be integrated with other company's product,

I hope to limit only one DA14531 Central to bind with DA14531 peripheral.

If there are other Ceneral devices that can not be pair even if they know the correct PIN,

Is it possible to do this and how to modify it?

2. I try to reduce the need to input more AT commands after power on,

I tested adding AT+SEC=0, AT+ADVSTOP, AT+CENTRAL to the end of user_app_on_init  function in user_codeless.c, but it seems that only AT+SEC=0 It has taken effect,

I think I should use it wrongly, if I want to automatically execute AT+SEC=0, AT+ADVSTOP, AT+CENTRAL when Power on init, what should I do?

HI,

I already modified APP_BOND_DB_MAX_BONDED_PEERS macro number to 1. 

1. The current project DA14531MOD peripheral will be integrated with my company's product, DA14531MOD Central will be integrated with other company's product,

I hope to limit only one DA14531 Central to bind with DA14531 peripheral.

If there are other Ceneral devices that can not be pair even if they know the correct PIN,

Is it possible to do this and how to modify it?

2. I try to reduce the need to input more AT commands after power on,

I tested adding AT+SEC=0, AT+ADVSTOP, AT+CENTRAL to the end of user_app_on_init  function in user_codeless.c, but it seems that only AT+SEC=0 It has taken effect,

I think I should use it wrongly, if I want to automatically execute AT+SEC=0, AT+ADVSTOP, AT+CENTRAL when Power on init, what should I do?

Hi Adams,

Apologies for the delay.
We are currently working on this and I will get back to you.

Kind Regards,
OV_Renesas

HI,

Ok, waiting for your message.
Thank you very much for your help and for making my project go more smoothly.

Best Regards,

Hi Adams,

Sorry for the late response. 
You had the correct approach to work on the user_app_on_init callback function. 
Only the AT+SEC=0 had taken affect because you set the role on GAP_ROLE_NONE in the same function and you have not yet started advertising. After the user_app_on_init since codeless starts as a Peripheral device it will go on the user_advertise callback function which then will start advertising.

On the user_app_on_init function add towards the end this line:

user_execute_commands("AT+SEC=0\r\n",CMD_SRC_LOCAL);

    // Set intial Bluetooth role
#ifdef CODELESS_585
    codeless_env.bt_role = GAP_ROLE_CENTRAL;
#endif

HI,

Thank you for your help very soon.

By default, it is set to Central and security mode = 0 and I have tested that it is working properly now.

I have already added app_easy_whitelist.c to the project. Could you please explain how to correctly use the app_easy_manage_wlist function and when to use it?

Hi Adams,

Thank you for the reply.
When your Central connects to your Peripheral with the correct PIN then the Central address should be saved on the Bonding Table. 
On the user_on_connect callback function (from the Peripheal side), you can call your custom function which will read the bd_addr of the Central from the Bonding table. You can read the bd_addr from the following struct which is located on the app_security.h file:

/// Application Security Bond Data environment structure
struct app_sec_bond_data_env_tag
{
    /// Valid bonding keys
    enum keys_present valid_keys;
    /// LTK (LTK, EDIV, RANDNB, Key size)
    /// Key to use for link encryption
    struct gapc_ltk ltk;
    /// Remote LTK (LTK, EDIV, RANDNB, Key size),
    /// Key sent by initiator for future reversed-role usage
    struct gapc_ltk rltk;
    /// Remote IRK (IRK, Identity Address, Identity Address Type)
    /// Key to resolve Resolvable Private Address address of peer
    struct gapc_irk rirk;
    /// Local CSRK
    /// Key used by local device to sign data
    struct gap_sec_key lcsrk;
    /// Remote CSRK
    /// Key used by remote device to sign data
    struct gap_sec_key rcsrk;
    /// BD address of peer (BD address, BD address type)
    struct gap_bdaddr peer_bdaddr;
    /// Authentication level (BOND, MITM, SEC, KEY)
    uint8_t auth;
    /// slot in database
    uint8_t bdb_slot;
};

    .app_on_adv_nonconn_complete        = user_on_adv_stop,
    .app_on_adv_undirect_complete       = user_on_adv_stop,
    .app_on_adv_direct_complete         = NULL,

/*
 ****************************************************************************************
 *
 * Advertising configuration
 *
 ****************************************************************************************
 */
static const struct advertise_configuration user_adv_conf = {
    /**
     * Own BD address source of the device:
     * - GAPM_STATIC_ADDR: Public or Private Static Address according to device address configuration
     * - GAPM_GEN_RSLV_ADDR: Generated resolvable private random address
     * - GAPM_GEN_NON_RSLV_ADDR: Generated non-resolvable private random address
     */
    .addr_src = GAPM_STATIC_ADDR,
    /// Minimum interval for advertising
    .intv_min = MS_TO_BLESLOTS(687.5),                    // 687.5ms

    /// Maximum interval for advertising
    .intv_max = MS_TO_BLESLOTS(687.5),                    // 687.5ms

    /**
     *  Advertising channels map:
     * - ADV_CHNL_37_EN:   Advertising channel map for channel 37.
     * - ADV_CHNL_38_EN:   Advertising channel map for channel 38.
     * - ADV_CHNL_39_EN:   Advertising channel map for channel 39.
     * - ADV_ALL_CHNLS_EN: Advertising channel map for channel 37, 38 and 39.
     */
    .channel_map = ADV_ALL_CHNLS_EN,

    /*************************
     * Advertising information
     *************************
     */

    /// Host information advertising data (GAPM_ADV_NON_CONN and GAPM_ADV_UNDIRECT)
    /// Advertising mode :
    /// - GAP_NON_DISCOVERABLE: Non discoverable mode
    /// - GAP_GEN_DISCOVERABLE: General discoverable mode
    /// - GAP_LIM_DISCOVERABLE: Limited discoverable mode
    /// - GAP_BROADCASTER_MODE: Broadcaster mode
    .mode = GAP_GEN_DISCOVERABLE,

   /// Host information advertising data (GAPM_ADV_NON_CONN and GAPM_ADV_UNDIRECT)
    /// Advertising filter policy:
    /// - ADV_ALLOW_SCAN_ANY_CON_ANY: Allow both scan and connection requests from anyone
    /// - ADV_ALLOW_SCAN_ANY_CON_WLST: Allow both scan req from anyone and connection req from
    ///                                White List devices only
    .adv_filt_policy = ADV_ALLOW_SCAN_ANY_CON_ANY,

    /// Direct address information (GAPM_ADV_DIRECT/GAPM_ADV_DIRECT_LDC)
    /// (used only if reconnection address isn't set or privacy disabled)
    /// BD Address of device
    .peer_addr = {0x1, 0x2, 0x3, 0x4, 0x5, 0x6},

    /// Direct address information (GAPM_ADV_DIRECT/GAPM_ADV_DIRECT_LDC)
    /// (used only if reconnection address isn't set or privacy disabled)
    /// Address type of the device 0=public/1=private random
    .peer_addr_type = 0,
};

ADV_ALLOW_SCAN_WLST_CON_ANY
Allow scan requests from White Listed devices only and connection requests from anyone  ADV_ALLOW_SCAN_ANY_CON_WLST
Allow scan requests from anyone and connection requests from White Listed devices only
ADV_ALLOW_SCAN_WLST_CON_WLST
Allow scan requests and connection requests from White Listed devices only

You should choose depending on what you want for your project. 
For the app_easy_whitelist API you can find on app_easy_whitelist.h file:

/// Whitelist operation type
typedef enum
{
    /// Get White List Size.
    APP_WLIST_OP_GET_SIZE           = GAPM_GET_WLIST_SIZE,

    /// Add devices in white list.
    APP_WLIST_OP_ADD_DEV            = GAPM_ADD_DEV_IN_WLIST,

    /// Remove devices form white list.
    APP_WLIST_OP_RMV_DEV            = GAPM_RMV_DEV_FRM_WLIST,

    /// Clear all devices from white list.
    APP_WLIST_OP_CLEAR              = GAPM_CLEAR_WLIST,
} app_wlist_op_t;

/// Whitelist address type
typedef enum
{
    /// Public address
    APP_WLIST_ADDR_PUBLIC            = ADDR_PUBLIC,

    /// Random address
    APP_WLIST_ADDR_RANDOM            = ADDR_RAND,

} app_wlist_addr_t;

/*
 * FUNCTION DECLARATIONS
 ****************************************************************************************
 */

/**
 ****************************************************************************************
 * @brief Function for whitelist management.
 * @param[in] op        Command opcode
 * @param[in] addr      Peer device address to be added or removed
 * @param[in] type      Peer address type (public or random)
 * @return true if whitelist management operation is allowed to be done, else false
 ****************************************************************************************
 */
bool app_easy_manage_wlist(app_wlist_op_t op, struct bd_addr addr, app_wlist_addr_t type);

HI,

Thank you very much for your help.
I have successfully implemented the check for connection consistency with the central device and binding data.

In addition, I found a problem when I did some tests today.
I found that when setting codeless_env.bt_role to GAP_ROLE_CENTRAL in user_app_on_init,
executing AT+GAPSCAN will directly execute user_scan_completed.
However, when I switched to Peripheral mode using AT+PERIPHERAL and then to Central mode using AT+CENTRAL, executing AT+GAPSCAN will trigger user_on_adv_report_ind followed by user_scan_completed.
Are there any other settings that need to be modified when setting the default role to central?

Hi Adams,

Thank you for the reply.
Let me check this and I will get back to you.

Kind Regards,
OV_Renesas

HI,
I add a define in the user_on_dev_config_complete callback function, which allows codeless to default to either central or peripheral.
Based on my initial testing, it appears to be working properly.

Hi Adams,

Thank you for the reply. 
I added the above code snippet on my project, and it worked as well. 
Glad you were able to solve your issue. I have highlighted your answer and if you want you can accept it so you can help others in the community as well.

Kind Regards,
OV_Renesas