Secure connection

Hello,

I'm working on setting up a secure connection and data exchange between two DA14531 devices. One of the DA14531 units is utilizing the "ble_app_security" example configured for just-work mode. The other DA14531 unit is based on the "central" example, which has been modified with code from the central_Security_Demo. Additionally, the user profile of the central device is configured similarly to the just-work configuration from the tutorial. Both devices are intended to work without input or output.

When I set "APP_CUSTS1_SEC_REQ" to SRV_PERM_ENABLE in the peripheral, the devices are able to exchange data. However, when "APP_CUSTS1_SEC_REQ" is set to SRV_PERM_UNAUTH as in the tutorial, they stop exchanging data. Is there any security with SRV_PERM_ENABLE? If not, what settings do I need to change in the central to establish the connection? I also tried to use app_easy_security_bdb_init() when initializing the central, but got a hardfault error.

Central (top) is able to read fake values from peripheral (Bottom)

Central (top) is not able to read or write to peripheral (Bottom)

Best,

James

  • Hi James,

    Thank you for posting your questions online.

    I will check on this and will get back to you as soon as possible.

    BR,

    JH_Renesas

  • Hi James,

    In user_config.h could you please try to set this value: request the security on connection

    BR,

    JH_Renesas

  • Hi JH_Renesas,

    Thank you for the reply. I didn't have time to work on this the past week.

    I've changed the value, and the central was not able to establish a connection with security_peripheral. The security_peripheral just times out and disconnects. I also noticed the user_app_on_tk_exch function was not executed, which means the keys were not exchanged. The CFG_APP_SECURITY has been defined in both the central and peripheral, and the user_app_on_tk_exch has been added to the device handler. Both devices have the #define APP_SECURITY_MITM_PASSKEY_VAL in the header file. What would be the next steps?


  • Hi James,

    Thank you for the reply.
    Could you please share the Security configuration you have on both Central and Peripheral devices?
    If my understanding is correct, you have used the same configuration as here: 6. Securing your application using Legacy Pairing — DA1453x&DA1458x Tutorial BLE security (renesas.com) ?

    Please refer to the user_profiles_config.h file:

    /************************************************************
     * CUSTS1 security requirements (@see app_prf_srv_perm)
     *
     * - SRV_PERM_DISABLE       Disable access
     * - SRV_PERM_ENABLE        Enable access
     * - SRV_PERM_UNAUTH        Access Requires Unauthenticated link
     * - SRV_PERM_AUTH          Access Requires Authenticated link
     * - SRV_PERM_SECURE        Access Requires Authenticated Secure Connection Pairing
     *
     * Select only one option.
     ************************************************************
     */
    #define APP_CUSTS1_SEC_REQ  SRV_PERM_UNAUTH
    

    If you have used SRV_PERM_UNAUTH then you should have the JustWorks association security model implemented in order to be able to access the Services and Characteristics.
    You can also use the following API from the app_prf_perm_types.h file in order to get a debug message with the Service permissions you have set:
    /**
     ****************************************************************************************
     * @brief Returns the Service permission set by user. If user has not set any service
     * permission, the default "ENABLE" is used.
     * @param[in] task_id           Task type definition of the profile.
     * @return                      service access rights
     ****************************************************************************************
     */
    app_prf_srv_perm_t get_user_prf_srv_perm(enum KE_API_ID task_id);
    


    Best Regards,
    OV_Renesas
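
Added example, not part of the thread and not SDK code: a small C model of the access decision implied by the five permission levels in the header comment above, following the Bluetooth Core Specification's rules for which ATT error a server returns. The enum, struct and function names are local to this example, and the DA14531 stack matching this model exactly is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model of the five service permission levels listed in user_profiles_config.h.
 * Names and values are local to this example, not the SDK's definitions. */
enum model_perm { M_DISABLE, M_ENABLE, M_UNAUTH, M_AUTH, M_SECURE };

/* Security state of the current link (constructed for the example). */
struct link_state {
    bool encrypted;    /* link is encrypted with a key produced by pairing */
    bool mitm;         /* key came from an authenticated (MITM) pairing */
    bool secure_conn;  /* key came from LE Secure Connections pairing */
    bool has_ltk;      /* a bonded key exists, even if not in use yet */
};

/* ATT error codes as defined in the Bluetooth Core Specification. */
#define ATT_OK                 0x00
#define ATT_ERR_INSUFF_AUTHEN  0x05
#define ATT_ERR_INSUFF_ENC     0x0F
#define MODEL_ACCESS_DISABLED  (-1)  /* model-only value, not an ATT code */

int check_access(enum model_perm req, const struct link_state *l)
{
    if (req == M_DISABLE) return MODEL_ACCESS_DISABLED;
    if (req == M_ENABLE)  return ATT_OK;      /* no link security required */
    if (!l->encrypted)                        /* UNAUTH and above need encryption */
        return l->has_ltk ? ATT_ERR_INSUFF_ENC : ATT_ERR_INSUFF_AUTHEN;
    if (req >= M_AUTH && !l->mitm)            /* a Just Works key is not enough */
        return ATT_ERR_INSUFF_AUTHEN;
    if (req == M_SECURE && !l->secure_conn)   /* legacy pairing is not enough */
        return ATT_ERR_INSUFF_AUTHEN;
    return ATT_OK;
}

int main(void)
{
    struct link_state plain     = { false, false, false, false };
    struct link_state justworks = { true,  false, false, true  };
    printf("ENABLE on plain link:    0x%02X\n", check_access(M_ENABLE, &plain));
    printf("UNAUTH on plain link:    0x%02X\n", check_access(M_UNAUTH, &plain));
    printf("UNAUTH after Just Works: 0x%02X\n", check_access(M_UNAUTH, &justworks));
    printf("AUTH after Just Works:   0x%02X\n", check_access(M_AUTH, &justworks));
    return 0;
}
```

In this model a read or write issued before pairing and encryption have completed is rejected at the UNAUTH level, while the ENABLE level accepts it on a plaintext link.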

  • Hello,

    Yes, I'm following the tutorial to establish a connection between central and peripheral in the just-work scenario. I've made sure the APP_CUSTS1_SEC_REQ is set to SRV_PERM_UNAUTH. I've also tried to add PERM(xxx, UNAUTH) to the characteristics, but it was not successful.

        [SVC1_IDX_LONG_VALUE_VAL]          = {SVC1_LONG_VALUE_UUID_128, ATT_UUID_128_LEN,  PERM(RD, ENABLE) | PERM(WR, ENABLE) | PERM(NTF, ENABLE) | PERM(WRITE_REQ, ENABLE)
                                                                                        |  PERM(RD, UNAUTH) | PERM(WR, UNAUTH) | PERM(NTF, UNAUTH) | PERM(WRITE_REQ, UNAUTH),
                                                DEF_SVC1_LONG_VALUE_CHAR_LEN, 0, NULL},


    The zip file I've included does not have the PERM(xxx, UNAUTH) added to the characteristics. The central writes and reads to the last characteristic of 1st service ("Long Value Characteristic") in the handle_service_disc_finished function.
    1565.ble_app_security.zip, 2262.central.zip

  • Hello,

    Please let me know if you are not able to open the files above; something happened to the first reply and I had to resubmit.

    Yes, I'm following the tutorial to establish a JustWorks connection between central and peripheral. I've made sure the #define APP_CUSTS1_SEC_REQ SRV_PERM_UNAUTH appears in both central and peripheral user_profiles_config.h. At some point, I also added PERM(XXX, UNAUTH) to the characteristic to see if it works. It didn't work, so I removed it from the above zip files.

        // Long Value Characteristic Value
        [SVC1_IDX_LONG_VALUE_VAL]          = {SVC1_LONG_VALUE_UUID_128, ATT_UUID_128_LEN, PERM(RD, ENABLE) | PERM(WR, ENABLE) | PERM(NTF, ENABLE) | PERM(WRITE_REQ, ENABLE),
                                                DEF_SVC1_LONG_VALUE_CHAR_LEN, 0, NULL},

    I'm writing and reading to the "Long Value" Characteristic in the handle_service_disc_finished() from user_central_app.c

    Thank you again.

    Best,

    James

  • Hello,

    Please let me know if you are not able to open the files above; I had some issues submitting the reply and had to do it a few times.

    Regarding the previous post, yes, I'm following the tutorial to establish a JustWorks connection between the central and peripheral. I've made sure the #define APP_CUSTS1_SEC_REQ SRV_PERM_UNAUTH is defined in both central and peripheral. I've also added PERM(XXX, UNAUTH) to the characteristics in user_custs1_def.c. It didn't work, and I've removed them from the above files.

    The central is writing and reading to the last characteristic of service 1 (Long Value) and it's implemented in the handle_service_disc_finished() of the user_central_app.c

    Best Regards,

    James

  • Hi James,

    Thank you for the replies.
    I was able to download the central and ble_app_security projects.
    Could you please clarify the SDK version that you are working with and which IDE?
    I will try to replicate this on my side.

    Best Regards,
    OV_Renesas

  • Hello,

    It was SDK_6.0.22.1401.

    Best,

    James