Hello,
I'm working on setting up a secure connection and data exchange between two DA14531 devices. One of the DA14531 units is utilizing the "ble_app_security" example configured for just-work mode. The other DA14531 unit is based on the "central" example, which has been modified with code from the central_Security_Demo. Additionally, the user profile of the central device is configured similarly to the just-work configuration from the tutorial. Both devices are intended to work without input or output.
When I set "APP_CUSTS1_SEC_REQ" to SRV_PERM_ENABLE in the peripheral, the devices are able to exchange data. However, when "APP_CUSTS1_SEC_REQ" is set to SRV_PERM_UNAUTH as in the tutorial, they stop exchanging data. Is there any security with SRV_PERM_ENABLE? If not, what settings do I need to change in the central to establish the connection? I also tried to use app_easy_security_bdb_init() when initializing the central, but I get a hardfault error.
Central (top) is able to read fake values from peripheral (Bottom)
Central (top) is not able to read or write to peripheral (Bottom)
Best,
James
Hi James,
In user_config.h could you please try to set this value: request the security on connection
BR,
JH_Renesas
Hi JH_Renesas,
Thank you for the reply. I didn't have time to work on this the past week. I've changed the value, and the central was not able to establish a connection with security_peripheral. The security_peripheral just times out and disconnects. I also noticed the user_app_on_tk_exch function did not execute, which means the keys were not exchanged. The CFG_APP_SECURITY has been defined in both the central and peripheral, and the user_app_on_tk_exch has been added to the device handler. Both devices have the #define APP_SECURITY_MITM_PASSKEY_VAL in the header file. What would be the next steps?
Hi James,
Thank you for the reply.
Could you please share the Security configuration you have on both Central and Peripheral devices?
If my understanding is correct, you have used the same configuration as here: 6. Securing your application using Legacy Pairing — DA1453x&DA1458x Tutorial BLE security (renesas.com)?
Please refer to the user_profiles_config.h file:
/************************************************************
 * CUSTS1 security requirements (@see app_prf_srv_perm)
 *
 * - SRV_PERM_DISABLE       Disable access
 * - SRV_PERM_ENABLE        Enable access
 * - SRV_PERM_UNAUTH        Access Requires Unauthenticated link
 * - SRV_PERM_AUTH          Access Requires Authenticated link
 * - SRV_PERM_SECURE        Access Requires Authenticated Secure Connection Pairing
 *
 * Select only one option.
 ************************************************************
 */
#define APP_CUSTS1_SEC_REQ SRV_PERM_UNAUTH
/**
 ****************************************************************************************
 * @brief Returns the Service permission set by user. If user has not set any service
 * permission, the default "ENABLE" is used.
 * @param[in] task_id           Task type definition of the profile.
 * @return                      service access rights
 ****************************************************************************************
 */
app_prf_srv_perm_t get_user_prf_srv_perm(enum KE_API_ID task_id);
Yes, I'm following the tutorial to establish a connection between central and peripheral in the just-work scenario. I've made sure the APP_CUSTS1_SEC_REQ is set to SRV_PERM_UNAUTH. I've also tried to add PERM(xxx, UNAUTH) to the characteristics, but it was not successful.
[SVC1_IDX_LONG_VALUE_VAL] = {SVC1_LONG_VALUE_UUID_128, ATT_UUID_128_LEN,
    PERM(RD, ENABLE) | PERM(WR, ENABLE) | PERM(NTF, ENABLE) | PERM(WRITE_REQ, ENABLE) |
    PERM(RD, UNAUTH) | PERM(WR, UNAUTH) | PERM(NTF, UNAUTH) | PERM(WRITE_REQ, UNAUTH),
    DEF_SVC1_LONG_VALUE_CHAR_LEN, 0, NULL},
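
A simplified model of the access check behind the SRV_PERM_* levels quoted in this thread, added here as an example; it is not part of any post and not Renesas SDK code. The type and function names are hypothetical, and the error codes are the generic ATT ones from the Bluetooth Core Specification, assumed rather than confirmed for the DA14531 stack. It shows that ENABLE asks for no link security, while UNAUTH refuses reads until pairing and encryption have completed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model types. The names echo the SRV_PERM_* options quoted in
 * the thread, but this is not the SDK's app_prf_srv_perm_t. */
typedef enum { REQ_DISABLE, REQ_ENABLE, REQ_UNAUTH, REQ_AUTH, REQ_SECURE } perm_req_t;

/* Strength of the key the two devices share. */
typedef enum {
    KEY_NONE,     /* no pairing has completed */
    KEY_UNAUTH,   /* Just Works: encrypts, but no MITM protection */
    KEY_AUTH,     /* passkey or OOB pairing: MITM protected */
    KEY_SC_AUTH   /* authenticated LE Secure Connections pairing */
} key_level_t;

/* ATT error codes as defined in the Bluetooth Core Specification. */
#define ATT_OK                       0x00
#define ATT_ERR_READ_NOT_PERMITTED   0x02
#define ATT_ERR_INSUFFICIENT_AUTHEN  0x05
#define ATT_ERR_INSUFFICIENT_ENC     0x0F

/* Decide whether a read of an attribute with requirement `req` is allowed. */
uint8_t att_read_check(perm_req_t req, key_level_t key, bool encrypted)
{
    if (req == REQ_DISABLE) return ATT_ERR_READ_NOT_PERMITTED;
    if (req == REQ_ENABLE)  return ATT_OK;   /* no link security required */

    key_level_t needed = (req == REQ_UNAUTH) ? KEY_UNAUTH
                       : (req == REQ_AUTH)   ? KEY_AUTH : KEY_SC_AUTH;
    if (key < needed) return ATT_ERR_INSUFFICIENT_AUTHEN; /* pair (again) first */
    if (!encrypted)   return ATT_ERR_INSUFFICIENT_ENC;    /* bonded: start encryption */
    return ATT_OK;
}

int main(void)
{
    /* Constructed cases matching the two situations described in the thread. */
    printf("ENABLE, unpaired link       -> 0x%02X\n", att_read_check(REQ_ENABLE, KEY_NONE, false));
    printf("UNAUTH, unpaired link       -> 0x%02X\n", att_read_check(REQ_UNAUTH, KEY_NONE, false));
    printf("UNAUTH, Just Works + enc    -> 0x%02X\n", att_read_check(REQ_UNAUTH, KEY_UNAUTH, true));
    printf("AUTH,   Just Works + enc    -> 0x%02X\n", att_read_check(REQ_AUTH, KEY_UNAUTH, true));
    printf("UNAUTH, bonded, not yet enc -> 0x%02X\n", att_read_check(REQ_UNAUTH, KEY_UNAUTH, false));
    return 0;
}
```

In this model a Just Works pairing satisfies UNAUTH but never AUTH or SECURE, so a central with no input or output can only reach the UNAUTH level.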