Static PIN when using as peripheral

Ashwin Rao.

Hi,

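I am working on a heart rate sensor application, and I have put together a working application, i.e., I am able to connect and view the HR using any standard Android BLE app.
I am using the basic development kit as the peripheral slave for this purpose.

Now, I want to add some security so that only users with the PIN can connect to the peripheral. I know that this is vulnerable to brute-force attacks, but that is OK.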
These are the changes I have made for the same.

void app_sec_init_func(void)
{
#if (BLE_APP_SEC)
    app_sec_env.auth = (GAP_AUTH_REQ_MITM_BOND);
#endif
}

void app_send_pairing_rsp_func(struct gapc_bond_req_ind *param)
{
    struct gapc_bond_cfm* cfm = KE_MSG_ALLOC(GAPC_BOND_CFM, KE_BUILD_ID(TASK_GAPC, app_env.conidx), TASK_APP, gapc_bond_cfm);

    cfm->request = GAPC_PAIRING_RSP;
    cfm->accept = true;

    // OOB information
    cfm->data.pairing_feat.oob = GAP_OOB_AUTH_DATA_NOT_PRESENT;
    // Encryption key size
    cfm->data.pairing_feat.key_size = KEY_LEN;
    // IO capabilities
    cfm->data.pairing_feat.iocap = GAP_IO_CAP_DISPLAY_ONLY;
    // Authentication requirements
    cfm->data.pairing_feat.auth = GAP_AUTH_REQ_MITM_BOND;
    // Security requirements
    cfm->data.pairing_feat.sec_req = GAP_SEC1_AUTH_PAIR_ENC;
    // Initiator key distribution
    cfm->data.pairing_feat.ikey_dist = GAP_KDIST_ENCKEY;
    // Responder key distribution
    cfm->data.pairing_feat.rkey_dist = GAP_KDIST_ENCKEY;

    ke_msg_send(cfm);
}
Since cfm->data.pairing_feat.iocap = GAP_IO_CAP_DISPLAY_ONLY;, the Android device is supposed to pop up a keyboard to enter the pin when pairing.
When a bonding request is received, the app_send_tk_exch_func() should be called which will set the static pin.

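Now, when I try to pair using an Android device, the Android device just says that the keys do not match, without any keyboard popping up. Also, I do not get a GAPC_TK_EXCH request in GAPC_BOND_REQ_IND_HANDLER() for this case.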

Just to check, if I change to cfm->data.pairing_feat.iocap = GAP_IO_CAP_KB_ONLY;, then when pairing, the Android device shows the random pairing code which should be entered on the peripheral slave (as expected). However, this is not what I need.

Can you please tell me what could be wrong?

Thanks in advance.

Ashwin Rao.

Hi,

Anyone with any info on this?

Regards,
Ashwin

JE_Dialog
Staff

Hi Ashwin, one of the team will start to have a look at this tomorrow. BR JE_Dialog

MT_dialog
Staff

Hi Ashwin Rao

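If I understand correctly, you want to connect to your device using a passcode entered on the host's keyboard (the phone). Well, you can try changing the host's IO capabilities to "Keyboard only" in order to accomplish something like that. The device's IO Capabilities should be NoInput/NoOutput since the device isn't going to have any buttons and the PIN number would be fixed. The "Display only" capability that you mention, I don't think it will force the Android device to show a keyboard.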

Thanks MT_dialog

Ashwin Rao.

Hi,
Thanks for the response.

According to https://developer.bluetooth.org/technologyoverview/pages/le-security.aspx, the settings that I have mentioned are correct.

In your post, you have mentioned "The device’s IO Capabilities should be NoInput/NoOutput since the device isn’t going to have any buttons and the PIN number would be fixed."
But according to the above link, if that is done, then only the Just Works authentication mode is used, which is not what I need.
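
The IO-capability question debated in the posts above comes down to the LE legacy pairing selection rules of the Bluetooth Core Specification (Vol 3, Part H). The following is an added example, not part of the original posts and not Dialog SDK code, that encodes those rules and packs a fixed passkey into the TK; the enum and function names are made up here, and the byte order of the TK array is an assumption:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SMP IO capability codes, in the order the specification numbers them. */
enum io_cap { IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY,
              IO_NO_INPUT_NO_OUTPUT, IO_KEYBOARD_DISPLAY };

/* Association models; these short names are made up for this example. */
enum method { JW,    /* Just Works: unauthenticated, no PIN involved       */
              II,    /* Passkey: responder displays, initiator inputs      */
              RI,    /* Passkey: initiator displays, responder inputs      */
              BI,    /* Passkey: both sides input the same value           */
              OOB }; /* Out-of-band data supplies the TK                   */

/* LE legacy pairing map: row = responder IO cap, column = initiator IO cap. */
static const enum method legacy_map[5][5] = {
    /* DisplayOnly     */ { JW, JW, II, JW, II },
    /* DisplayYesNo    */ { JW, JW, II, JW, II },
    /* KeyboardOnly    */ { RI, RI, BI, JW, RI },
    /* NoInputNoOutput */ { JW, JW, JW, JW, JW },
    /* KeyboardDisplay */ { RI, RI, II, JW, RI },
};

/* OOB is used only if both sides hold OOB data; if neither side sets the
 * MITM flag, the IO capabilities are ignored and Just Works is selected. */
enum method select_method(enum io_cap init, enum io_cap resp, int init_oob,
                          int resp_oob, int init_mitm, int resp_mitm)
{
    if (init_oob && resp_oob) return OOB;
    if (!init_mitm && !resp_mitm) return JW;
    return legacy_map[resp][init];
}

/* A peripheral that requires an authenticated key must refuse Just Works. */
int meets_auth_requirement(enum method m) { return m != JW; }

/* 6-digit passkey -> 128-bit TK, zero padded. Least significant byte first
 * is an assumption about how the stack lays out its key array. */
void passkey_to_tk(uint32_t passkey, uint8_t tk[16])
{
    memset(tk, 0, 16);
    for (int i = 0; i < 4; i++) tk[i] = (uint8_t)(passkey >> (8 * i));
}

int main(void)
{   /* Phone (KeyboardDisplay, initiator) against three peripheral settings. */
    printf("%d %d %d\n",
           select_method(IO_KEYBOARD_DISPLAY, IO_DISPLAY_ONLY, 0, 0, 1, 1),
           select_method(IO_KEYBOARD_DISPLAY, IO_NO_INPUT_NO_OUTPUT, 0, 0, 1, 1),
           select_method(IO_KEYBOARD_DISPLAY, IO_KEYBOARD_ONLY, 0, 0, 1, 1));
    return 0;
}
```

With a DisplayOnly peripheral the phone is the side that inputs the passkey, while a NoInputNoOutput peripheral always yields Just Works, which a peripheral demanding an authenticated key has to reject.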

MT_dialog
Staff

Hi Ashwin Rao

I'm going to send you something offline, please have a look, I hope it will help you.

Thanks MT_dialog

klim9531

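I am reading this post looking for help/hints on how I might be able to do something like this:

- On the "peripheral", press a button, and for 2 seconds after the press, broadcast and allow a connection from any Android device that is scanning (looking for my service's UUID).
- Once the bond is established, turn off broadcasting, and from now on only allow that Android device to reconnect, without the button press.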
--This seems pretty straightforward, but I cannot find any good suggestions on how to do this.
--I already have everything else in the peripheral working, just want to add this in.

I should mention to you guys at Dialog that it might be much more helpful and save you a lot of work if, wherever possible, you answer questions FULLY in the forums. Many of the posts that I have read over time here are unanswered, the final post being from a Dialog moderator who says something like "I'm going to send you something offline...." I realize that sometimes there is no easy answer to the many questions that you guys get, but it does us all very little good to run into a bunch of dead ends.

JE_Dialog
Staff

Hi Klim, thanks for your feedback. I agree that it's not ideal to take things offline: sometimes it's necessary (as the length/complexity of the issue means it cannot be dealt with on here) but overall your sentiments are correct and appreciated: the more online the better. I'll have one of the team look into your requirements and we'll feed back.

Thanks & BR JE_Dialog

klim9531

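Thanks JE_Dialog, I am glad that you did not see this as a negative comment; it was not meant to be. I will keep a close eye on this thread to see if you guys have something that will point me in the right direction.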

JE_Dialog
Staff

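Hi Klim9531, our initial thoughts are:

  • The DA14580 cannot distinguish between iOS and Android. Therefore, there would also need to be an app that writes to a custom characteristic to tell it that it is an Android phone.
  • Once the above step is performed, the BD address of the peer device can be retrieved and added to the white list.

Do you need to distinguish between Android and iOS devices?

This could be built from the keyboard reference design (stripped down). We have an internal note on the whitelisting that we can share (this shows how to add a device to the white-list, which effectively will make a list of known connections and only connect to those that are whitelisted).

BR JE_Dialog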

klim9531

Hi JE_Dialog,

Thanks for the input, here is some clarification:

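- It does not matter whether the client device is Android or iOS (I currently have a fully working Android app to interface with the device, and I intend to build an iOS app soon). The Android app scans for advertising devices, and if it finds one with my name/service, I start data transfer. The design is based on the Serial Port Service application.

Your idea about getting the device's Bluetooth Address and whitelisting it in the DA14580 seems right on target with my needs. This is my desired sequence:

1. DA14580 powers on, having never connected to a peer device (Android or iOS).
2. User presses the button on the DA14580 (resets the whitelist, but on first power-up, this list).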
3. User starts Android/iOS app, for 2.5 seconds the app begins scanning for any BT devices, finds my named service, and begins bi-directional communication (this part is currently working).
4. DA14580 queries the Android/iOS device and acquires a BD address, then stores that address in a whitelist.
5. Communication continues until DA14580 is powered down.
6. Upon restart of the DA14580, it will now ONLY ALLOW communication with the device which is in the whitelist.
7. If the button on the DA14580 is pressed again, the Android/iOS device in the whitelist is purged, and the DA14580 repeats the above starting at #2.

If you can post a link to Dialog's internal note on whitelisting --how to query the device, then add its BD address to a whitelist-- then that would help me sort this out.

I will wait for your reply and while doing so, look at the keyboard reference design.

Thanks for your help, klim9531

Richard Surprenant

JE_Dialog,
This is exactly what I am doing with SPS. Can you comment on how this was resolved?
Thanks,
Rich

MT_dialog
Staff

Hi Richard,

Please check your previous post, I believe it will cover your question.

https://support.dialog-semicondiondiondum/forums/post/dialog-smartbond-bl ...

Thanks MT_dialog