Hi, I would like to enable the security feature in this reference design. I passed all steps form tutorials and software portion guide. Now DA1485 device asked the pin-code from the phone, but all its services are in free access for phone, and it can work without code confirmation.
ps. Of course, the proprietary application DSPS skips the connection, but my one can pair and work without any confirmation.
Device:
Hi Andrey_Kiselnikov,
Could you please clarify which SDK are you using? Be aware that the security tutorial is based on the SDK 6.0.4. It is highly recommended to use the latest version of SDK6.0.8.
Thanks, PM_Dialog
I use the SDK which is there in the package of this project. In the release note attached to this project wrote that it is based on SDK 6.0.6.
Hello, do you have any update on this issue?
Hi Andrey_Kiselnikov,
You have to change the permission to each characteristic in order to be authorized. If you set the characteristic as AUTH this means that you will add security into the characteristic and an authorization is needed. Could you please clarify which security scenario are you using? Please check the .security_request_scenario of user_default_hnd_conf structure into the user_config.h header file. With DEF_SEC_REQ_NEVER option an authorization is required during read/write of a characteristic and with DEF_SEC_REQ_ON_CONNECT an authorization is required during connection
Thanks, PM_Dialog
I checked both scenarios. With DEF_SEC_REQ_ON_CONNECT authorization required but I can skip it and read and write data through the device. With DEF_SEC_REQ_NEVER I can do everything without any security requests. Moreover, I found the same problem on the forums with DA14580 devices (link attached).https://support.dialog-semiconductor.com/forums/post/dialog-smartbond-bl...–-software/only-allow-pairing-requests-pin-code
ps. It is very strange that security requests on reading and write operations are enabled by choosing the parameter "DEF_SEC_REQ_NEVER ".
Hello, do you have any update on this issue?
Hi Andrey_Kiselnikov,
Could you please download firmware from the default ble_app_security example of the SDK6? Do you face the same problem? I have tested and I am not able to replicate your problem. Also, could you please clarify if you develop your own application or if you tried to modify the default ble_app_security example? The DEF_SEC_REQ_NEVER is referred to the security scenario and it does not mean that the security is enabled when requests on reading and write operations by choosing the parameter. Be aware that each characteristic has its own security. Please check if you are using the app_set_prf_srv_perm(TASK_ID_CUSTS1, APP_CUSTS1_SEC_REQ); command. This command enables the security of all the characteristics and overrides the permissions that you give them into the database.So, if you are using this, you will be able to access all the characteristics of the database without any security request. The past thread that you posted is for DA14680 chip and not for DA14580, so this will not help you.
Thanks, PM_Dialog
I work with DSPS V6.150.2 reference project (https://support.dialog-semiconductor.com/resource/da14585-dialog-serial-...), not with ble_app_security example. So, I need to enable security in this reference project. The problem is that this reference design provides to phone all services on pairing request, but I enabled all security settings.
Hi Andrey_Kiselnikov,
需求方参考应用程序不支持curity, so if you want to use this application you need to implement it by your own. As I have already mentioned the DSPS demo doesn't use the security feature, so there's no pairing between the devices, that’s why you are able to read/write into the characteristics without pairing. You can enable security by setting the CFG_APP_SECURITY definition in the da1458x_config_basic.h and also change the member security_request_scenario to DEF_SEC_REQ_ON_CONNECT in order for your device to request security upon connection. That will bond your device according to the parameters located in the user_config.h file in the user_security_information. Please, check theble_app_securityexample of the SDK in order to understand how the security features are implemented. Also, I strongly recommend you to follow the steps of theTutorial 5 : Pairing , Bonding & Security" to enable security in the DSPS. You will be able to find the tutorial in the Documents tab at the Tutorials section or by following the below link
https://support.dialog-semiconductor.com/system/files/restricted/Training_05_ble_security_example_v1.1.pdf
Thanks, PM_Dialog
I did all these steps from your last post before starting writing at the forum. The problem is that after enabling all security features (according to the training 5 manual), and recommendations from software portion guide I have the next situation:
1. After trying to connect the device to phone, the device sends a pairing request to the phone app
2. I see a system dialog window with pin-code entrance textbox
3. I can skip this window and reading and writing services still be able from the phone
So I need a help in changing the user_app_callbacks structure or default_app_on_connection function because It enables all services, before getting results of code exchange procedure.
Hi Andrey_Kiselnikov,
Please check the user_app_init() function from the ble_app_security example of the SDK. If the BLE_APP_SEC is defined, then the app_set_prf_srv_perm(TASK_ID_CUSTS1, APP_CUSTS1_SEC_REQ) will executed. This function sets the service permission access rights for a profile, according to APP_CUSTS1_SEC_REQ definition. Could you please change the APP_CUSTS1_SEC_REQ to SRV_PERM_AUTH? It seems that the security is disabled from the profile database
Thanks, PM_Dialog
This function - app_set_prf_srv_perm() definded in "dsps-v61502" project, but never executed, where should I add it to execute?
Hello, do you have any update on this issue?
Hi, are anybody there?
Hi Andrey_Kiselnikov,
3. I can skip this window and reading and writing services still be able from the phone
The gapc_bond_ind_handler() should be called if you refuse the pairing, and this function will disconnect the phone.
static const struct ke_msg_handler app_sec_process_handlers[] =
{
.......
{GAPC_BOND_IND, (ke_msg_func_t)gapc_bond_ind_handler},
Thanks, but the program enters in case "GAPC_PAIRING_FAILED:" in "gapc_bond_ind_handler" only if I enter the wrong passkey. If I escape this window on phone screen or ignore it the program will still work.
Hi Andrey,
You can test the different IO capability type in use_config.h. I think you should disable user escape the pairing window on the phone.
Could you use light bule to test your firmware?
/************************************************************
* Device IO Capability (@see gap_io_cap)
*
* - GAP_IO_CAP_DISPLAY_ONLY Display Only
* - GAP_IO_CAP_DISPLAY_YES_NO Display Yes No
* - GAP_IO_CAP_KB_ONLY Keyboard Only
* - GAP_IO_CAP_NO_INPUT_NO_OUTPUT No Input No Output
* - GAP_IO_CAP_KB_DISPLAY Keyboard Display
*
* Select only one option.
************************************************************
*/
#define USER_CFG_FEAT_IO_CAP GAP_IO_CAP_NO_INPUT_NO_OUTPUT //GAP_IO_CAP_DISPLAY_YES_NO
Tested them, it is still able connecting without confirming the passkey.
I found the solution by replacing a sending a features message function in security task state machine after PAIRING_SUCCEED case.
Hi Andrey_Kiselnikov,
Glad that your problem has been fixed. Thanks for your indication.
Thanks, PM_Dialog
HI Andrey_Kiselnikov
I want add Pair Function on DSPS too,
can u give me your source code for reference