Hello,
I'm working on setting up a secure connection and data exchange between two DA14531 devices. One of the DA14531 units is utilizing the "ble_app_security" example configured for just-work mode. The other DA14531 unit is based on the "central" example, which has been modified with code from the central_Security_Demo. Additionally, the user profile of the central device is configured similarly to the just-work configuration from the tutorial. Both devices are intended to work without input or output.
When I set "APP_CUSTS1_SEC_REQ" set to SRV_PERM_ENABLE in the peripheral, the devices are able to exchange data. However, when "APP_CUSTS1_SEC_REQ" set to SRV_PERM_UNAUTH as in the tutorial, they stop exchange data. Is there any security with SRV_PERM_ENABLE? If not, what settings do I need to change in the central to establish the connection? I also tried to use app_easy_security_bdb_init() when initializing the central, but get a hardfault error.
Central (top) is able to read fake values from peripheral (Bottom)
Central (top) is not able to read or write to peripheral (Bottom)
Best,
James
Hi James,
In user_config.h could you please try to set this value: request the security on connection
BR,
JH_Renesas
Hi JH_Renesas,Thank you for the reply. I didn't have time to work on this the past week. I've change the value, and the central was not able to establish connection with security_peripheral. The security_peripheral just times out and disconnect. I also notice the user_app_on_tk_exch function did not executed, which means the keys were not exchange. The CFG_APP_SECURITY has been defined in both the central and peripheral, and the user_app_on_tk_exch has been added to the device handler. Both devices have the #define APP_SECURITY_MITM_PASSKEY_VAL in the header file. What would be the next steps?
Hi James,Thank you for the reply.Could you please share the Security configuration you have on both Central and Peripheral devices?If my understanding is correct, you have used the same configuration as here: 6. Securing your application using Legacy Pairing — DA1453x&DA1458x Tutorial BLE security (renesas.com) ?Please refer on the user_profiles_config.h file:
/************************************************************ * CUSTS1 security requirements (@see app_prf_srv_perm) * * - SRV_PERM_DISABLE Disable access * - SRV_PERM_ENABLE Enable access * - SRV_PERM_UNAUTH Access Requires Unauthenticated link * - SRV_PERM_AUTH Access Requires Authenticated link * - SRV_PERM_SECURE Access Requires Authenticated Secure Connection Pairing * * Select only one option. ************************************************************ */ #define APP_CUSTS1_SEC_REQ SRV_PERM_UNAUTH
/** **************************************************************************************** * @brief Returns the Service permission set by user. If user has not set any service * permission, the default "ENABLE" is used. * @param[in] task_id Task type definition of the profile. * @return service access rights **************************************************************************************** */ app_prf_srv_perm_t get_user_prf_srv_perm(enum KE_API_ID task_id);
Yes, I'm following the tutorial to establish connection between central and peripheral in just work scenario. I've make sure the APP_CUSTS1_SEC_REQ is set to SRV_PERM_UNAUTH. I've also tried to add PERM(xxx, UNAUTH) to the characteristics, but it was not successful.
[SVC1_IDX_LONG_VALUE_VAL] = {SVC1_LONG_VALUE_UUID_128, ATT_UUID_128_LEN, PERM(RD, ENABLE) | PERM(WR, ENABLE) | PERM(NTF, ENABLE) | PERM(WRITE_REQ, ENABLE) | PERM(RD, UNAUTH) | PERM(WR, UNAUTH) | PERM(NTF, UNAUTH) | PERM(WRITE_REQ, UNAUTH), DEF_SVC1_LONG_VALUE_CHAR_LEN, 0, NULL},
1212.central.zip6327.ble_app_security.zip
Please let me know if you are not able to open the files above, something happen to the first reply and I had resubmit.Yes, I'm following the tutorial to establish a JustWorks connection between central and peripheral. I've make sure the #define APP_CUSTS1_SEC_REQ SRV_PERM_UNAUTH appears in both central and peripheral user_profiles_config.h. At some point, I've also add PERM(XXX, UNAUTH) to the characteristic to see if it works. It didn't work, so I removed it from the above zip files.
// Long Value Characteristic Value [SVC1_IDX_LONG_VALUE_VAL] = {SVC1_LONG_VALUE_UUID_128, ATT_UUID_128_LEN, PERM(RD, ENABLE) | PERM(WR, ENABLE) | PERM(NTF, ENABLE) | PERM(WRITE_REQ, ENABLE), DEF_SVC1_LONG_VALUE_CHAR_LEN, 0, NULL},
I'm writing and reading to the "Long Value" Characteristic in the handle_service_disc_finished() from user_central_app.cThank you again.
Please let me know if you are not able to open files above, I had some issue submitting the reply and had to do it a few times.Regard to the previous post, yes, I'm following the tutorial to establish a JustWorks connection between the central and peripheral. I've made sure the #define APP_CUSTS1_SEC_REQ SRV_PERM_UNAUTH is defined in both central and peripheral. I've also add PERM(XXX, UNAUTH) to the characteristics in user_custs1_def.c. It didn't work, and I've removed them from the above files.The central is writing and reading to the last characteristics of service 1 (Long Value) and it's implemented in the handle_service_disc_finished() of the user_central_app.c
Best Regards,
HI James,Thank you for the replies.I was able to download the central and ble_app_security projects.Could you please clarify SDK version that you are working with and which IDE?I will try to replicate this on my side.Best Regards,OV_Renesas
It was SDK_6.0.22.1401.
Hello James,
Are you using this Demo: ble-sdk6-examples/connectivity/central_Security_Demo at main · renesas/ble-sdk6-examples
I will check this this demo for your question and will back to you soon.
I have checked both of the central and central_Security_demo examples, If you need the features in the central demo, you need port the related features to the central_Security_demo.
the central project is not working with security, lots of callbacks should been added.
This is good to know. I notice the central_security_demo uses a different mechanism for establishing connection and doesn't scanning for services and characteristics. I can probably figure out a way to sends out connection request based on device name instead of UART input, but I don't know how to discover services and characteristics. Will I need to include the user_ble_gap.c and user_ble_gatt.c? Would that make the code base to be too large? Please advice.
Yes, you need add the Gap and Gatt source files if you want using the apis in them.
not that large code you can have a try on this, I don't think it will over flow.