Hi, I would like to enable the security feature in this reference design. I passed all steps form tutorials and software portion guide. Now DA1485 device asked the pin-code from the phone, but all its services are in free access for phone, and it can work without code confirmation.
ps. Of course, the proprietary application DSPS skips the connection, but my one can pair and work without any confirmation.
设备:
你好,安德烈·尤基塞尔尼科夫,
Could you please clarify which SDK are you using? Be aware that the security tutorial is based on the SDK 6.0.4. It is highly recommended to use the latest version of SDK6.0.8.
Thanks, PM_Dialog
我使用这个项目包中的SDK。在这个项目附带的发行说明中写道,它是基于sdk6.0.6的。
你好,你有关于这个问题的最新消息吗?
你好,安德烈·尤基塞尔尼科夫,
You have to change the permission to each characteristic in order to be authorized. If you set the characteristic as AUTH this means that you will add security into the characteristic and an authorization is needed. Could you please clarify which security scenario are you using? Please check the .security_request_scenario of user_default_hnd_conf structure into the user_config.h header file. With DEF_SEC_REQ_NEVER option an authorization is required during read/write of a characteristic and with DEF_SEC_REQ_ON_CONNECT an authorization is required during connection
Thanks, PM_Dialog
我检查了两种情况。使用DEF_SEC_REQ_ON_CONNECT需要授权,但我可以跳过它,通过设备读写数据。有了DEF_SEC_REQ_,我永远都可以在没有任何安全请求的情况下做任何事情。此外,我在论坛上发现了同样的问题,DA14580设备(链接附后)。https://support.dialog semiconductor.com/forums/post/dialog-smartbond-bl。。。–-software/only-allow-pairing-requests-pin-code
ps. It is very strange that security requests on reading and write operations are enabled by choosing the parameter "DEF_SEC_REQ_NEVER ".
你好,你有关于这个问题的最新消息吗?
你好,安德烈·尤基塞尔尼科夫,
Could you please download firmware from the default ble_app_security example of the SDK6? Do you face the same problem? I have tested and I am not able to replicate your problem. Also, could you please clarify if you develop your own application or if you tried to modify the default ble_app_security example? The DEF_SEC_REQ_NEVER is referred to the security scenario and it does not mean that the security is enabled when requests on reading and write operations by choosing the parameter. Be aware that each characteristic has its own security. Please check if you are using the app_set_prf_srv_perm(TASK_ID_CUSTS1, APP_CUSTS1_SEC_REQ); command. This command enables the security of all the characteristics and overrides the permissions that you give them into the database.So, if you are using this, you will be able to access all the characteristics of the database without any security request. The past thread that you posted is for DA14680 chip and not for DA14580, so this will not help you.
Thanks, PM_Dialog
我使用dspsv6.150.2参考项目(https://support.dialog-semiconductor.com/resource/da14585-dialog-serial-...), not with ble_app_security example. So, I need to enable security in this reference project. The problem is that this reference design provides to phone all services on pairing request, but I enabled all security settings.
你好,安德烈·尤基塞尔尼科夫,
DSPS引用应用程序不支持安全性,因此如果要使用此应用程序,则需要自己实现它。正如我已经提到的,dsp演示不使用安全功能,因此设备之间没有配对,这就是为什么您可以在不配对的情况下读/写这些特性。您可以通过在da1458x_config_basic.h中设置CFG_APP_安全性定义来启用安全性,还可以将成员安全性_request_方案更改为DEF_SEC_REQ_ON_CONNECT,以便您的设备在连接时请求安全性。它将根据用户安全信息中user_config.h文件中的参数绑定您的设备。请检查一下房间安全性以SDK为例,了解安全特性是如何实现的。另外,我强烈建议您按照Tutorial 5 : Pairing , Bonding & Security" to enable security in the DSPS. You will be able to find the tutorial in the Documents tab at the Tutorials section or by following the below link
https://support.dialog-semiconductor.com/system/files/restricted/Training\u 05\u ble\u security\u example\u v1.1.pdf
Thanks, PM_Dialog
在论坛开始写作之前,我已经完成了你上一篇文章的所有步骤。问题是,在启用了所有安全功能(根据培训5手册)和软件部分指南中的建议之后,我遇到了下一种情况:
1尝试将设备连接到手机后,设备会向手机应用程序发送配对请求
2. I see a system dialog window with pin-code entrance textbox
三。我可以跳过这个窗口,阅读和写作服务仍然可以从电话
因此,我需要一个帮助来更改用户\u app\u回调结构或默认的\u app\u on\u连接函数,因为它启用了所有服务,然后才能获得代码交换过程的结果。
你好,安德烈·尤基塞尔尼科夫,
Please check the user_app_init() function from the ble_app_security example of the SDK. If the BLE_APP_SEC is defined, then the app_set_prf_srv_perm(TASK_ID_CUSTS1, APP_CUSTS1_SEC_REQ) will executed. This function sets the service permission access rights for a profile, according to APP_CUSTS1_SEC_REQ definition. Could you please change the APP_CUSTS1_SEC_REQ to SRV_PERM_AUTH? It seems that the security is disabled from the profile database
Thanks, PM_Dialog
这个函数-app_set_prf_srv_perm()在“dsps-v61502”项目中定义,但从未执行过,我应该在哪里添加它来执行?
你好,你有关于这个问题的最新消息吗?
Hi, are anybody there?
你好,安德烈·尤基塞尔尼科夫,
三。我可以跳过这个窗口,阅读和写作服务仍然可以从电话
The gapc_bond_ind_handler() should be called if you refuse the pairing, and this function will disconnect the phone.
静态常量结构ke_msg_handler app_sec_process_handlers[]=
{
.......
{GAPC_BOND_IND,(ke_msg_func_t)GAPC_BOND_IND_handler},
谢谢,但只有当我输入了错误的密钥时,程序才会在“GAPC_bond_ind_handler”中输入“GAPC_PAIRING_FAILED:”时才会进入程序。如果我退出手机屏幕上的这个窗口或者忽略它,程序仍然可以工作。
你好,安德烈,
You can test the different IO capability type in use_config.h. I think you should disable user escape the pairing window on the phone.
你能用light bule来测试你的固件吗?
/************************************************************
*设备IO能力(@见gap_IO_cap)
*
*-仅显示间隙
* - GAP_IO_CAP_DISPLAY_YES_NO Display Yes No
* - GAP_IO_CAP_KB_ONLY Keyboard Only
*-间隙,电容,输入,输出,输入,输出
* - GAP_IO_CAP_KB_DISPLAY Keyboard Display
*
*只选择一个选项。
************************************************************
*/
#define USER_CFG_FEAT_IO_CAP GAP_IO_CAP_NO_INPUT_NO_OUTPUT//GAP_IO_CAP_DISPLAY_YES_NO
经过测试,它仍然可以在不确认密钥的情况下连接。
我找到了解决方法,在配对成功案例后,替换安全任务状态机中的发送功能消息函数。
你好,安德烈·尤基塞尔尼科夫,
很高兴你的问题已经解决了。谢谢你的指示。
Thanks, PM_Dialog
HI Andrey_Kiselnikov
我也想在DSP上加对功能,
can u give me your source code for reference