Hi, I would like to enable the security feature in this reference design. I passed all steps form tutorials and software portion guide. Now DA1485 device asked the pin-code from the phone, but all its services are in free access for phone, and it can work without code confirmation.
ps. Of course, the proprietary application DSPS skips the connection, but my one can pair and work without any confirmation.
设备:
嗨,安德烈·基塞尔尼科夫,
Could you please clarify which SDK are you using? Be aware that the security tutorial is based on the SDK 6.0.4. It is highly recommended to use the latest version of SDK6.0.8.
Thanks, PM_Dialog
我使用这个项目包中的SDK。在这个项目的发行说明中写道,它是基于sdk6.0.6的。
你好,这个问题你有什么最新消息吗?
嗨,安德烈·基塞尔尼科夫,
You have to change the permission to each characteristic in order to be authorized. If you set the characteristic as AUTH this means that you will add security into the characteristic and an authorization is needed. Could you please clarify which security scenario are you using? Please check the .security_request_scenario of user_default_hnd_conf structure into the user_config.h header file. With DEF_SEC_REQ_NEVER option an authorization is required during read/write of a characteristic and with DEF_SEC_REQ_ON_CONNECT an authorization is required during connection
Thanks, PM_Dialog
我检查了两种情况。DEF_SEC_REQ_ON_CONNECT需要授权,但我可以跳过它,通过设备读写数据。有了DEF\u SEC\u REQ\u,没有任何安全请求,我什么都做不了。此外,我在论坛上发现了与DA14580设备相同的问题(附链接)。https://support.dialog semiconductor.com/forums/post/dialog-smartbond-bl。。。–-software/only-allow-pairing-requests-pin-code
ps. It is very strange that security requests on reading and write operations are enabled by choosing the parameter "DEF_SEC_REQ_NEVER ".
你好,这个问题你有什么最新消息吗?
嗨,安德烈·基塞尔尼科夫,
Could you please download firmware from the default ble_app_security example of the SDK6? Do you face the same problem? I have tested and I am not able to replicate your problem. Also, could you please clarify if you develop your own application or if you tried to modify the default ble_app_security example? The DEF_SEC_REQ_NEVER is referred to the security scenario and it does not mean that the security is enabled when requests on reading and write operations by choosing the parameter. Be aware that each characteristic has its own security. Please check if you are using the app_set_prf_srv_perm(TASK_ID_CUSTS1, APP_CUSTS1_SEC_REQ); command. This command enables the security of all the characteristics and overrides the permissions that you give them into the database.So, if you are using this, you will be able to access all the characteristics of the database without any security request. The past thread that you posted is for DA14680 chip and not for DA14580, so this will not help you.
Thanks, PM_Dialog
我使用dspsv6.150.2参考项目(https://support.dialog-semiconductor.com/resource/da14585-dialog-serial-...), not with ble_app_security example. So, I need to enable security in this reference project. The problem is that this reference design provides to phone all services on pairing request, but I enabled all security settings.
嗨,安德烈·基塞尔尼科夫,
DSPS参考应用程序不支持安全性,因此如果您想使用此应用程序,则需要自己实现它。正如我已经提到的,DSPS演示程序没有使用安全功能,因此设备之间没有配对,这就是为什么您能够在没有配对的情况下读取/写入特性。您可以通过在da1458x\u config\u basic.h中设置CFG\u APP\u安全定义来启用安全性,还可以将成员安全请求场景更改为DEF\u SEC\u REQ\ON\u CONNECT,以便设备在连接时请求安全性。它将根据user\u security\u信息中的user\u config.h文件中的参数绑定设备。请检查一下房间ble\应用程序\安全以SDK为例,了解安全特性是如何实现的。另外,我强烈建议您遵循Tutorial 5 : Pairing , Bonding & Security" to enable security in the DSPS. You will be able to find the tutorial in the Documents tab at the Tutorials section or by following the below link
https://support.dialog-semiconductor.com/system/files/restricted/Training\u 05\u ble\u security\u example\u v1.1.pdf
Thanks, PM_Dialog
在论坛上开始写作之前,我已经完成了你上一篇文章中的所有步骤。问题是,在启用了所有安全功能(根据培训5手册)和《软件部分指南》中的建议之后,我遇到了下一种情况:
1尝试将设备连接到手机后,设备会向手机应用程序发送配对请求
2. I see a system dialog window with pin-code entrance textbox
三。我可以跳过这个窗口,阅读和写作服务仍然可以从电话
因此,我需要一个帮助来更改用户\u app\u回调结构或默认的\u app\u on\u连接函数,因为它启用了所有服务,然后才能获得代码交换过程的结果。
嗨,安德烈·基塞尔尼科夫,
Please check the user_app_init() function from the ble_app_security example of the SDK. If the BLE_APP_SEC is defined, then the app_set_prf_srv_perm(TASK_ID_CUSTS1, APP_CUSTS1_SEC_REQ) will executed. This function sets the service permission access rights for a profile, according to APP_CUSTS1_SEC_REQ definition. Could you please change the APP_CUSTS1_SEC_REQ to SRV_PERM_AUTH? It seems that the security is disabled from the profile database
Thanks, PM_Dialog
此函数-app\u set\u prf\u srv\u perm()在“dsps-v61502”项目中定义,但从未执行过,我应该将其添加到何处执行?
你好,这个问题你有什么最新消息吗?
Hi, are anybody there?
嗨,安德烈·基塞尔尼科夫,
三。我可以跳过这个窗口,阅读和写作服务仍然可以从电话
The gapc_bond_ind_handler() should be called if you refuse the pairing, and this function will disconnect the phone.
静态const struct ke\u msg\u handler app\u sec\u process\u handlers[]=
{
.......
{GAPC\u BOND\u IND,(ke\u msg\u func\t)GAPC\u BOND\u IND\u handler},
谢谢,但是如果“GAPC\u PAIRING\u FAILED:”在“GAPC\u bond\u ind\u handler”中输入错误的密钥,程序才会进入。如果我在手机屏幕上逃逸这个窗口或忽略它的程序仍然会工作。
嗨,安德烈,
You can test the different IO capability type in use_config.h. I think you should disable user escape the pairing window on the phone.
你能用灯泡测试一下你的固件吗?
/************************************************************
*设备IO能力(@见间隙IO上限)
*
*-间隙\u IO \u盖\u仅显示\u仅显示
* - GAP_IO_CAP_DISPLAY_YES_NO Display Yes No
* - GAP_IO_CAP_KB_ONLY Keyboard Only
*-间隙IO CAP NO输入NO输出NO输入NO输出
* - GAP_IO_CAP_KB_DISPLAY Keyboard Display
*
*只选择一个选项。
************************************************************
*/
#定义用户\u CFG \u FEAT \u IO \u CAP GAP \u IO \u CAP NO \u INPUT \u NO \u OUTPUT//GAP \u IO \u CAP \u DISPLAY \u YES \u NO
经过测试,它仍然可以在不确认密钥的情况下连接。
在配对成功的情况下,我通过替换安全任务状态机中的sending a features message函数找到了解决方案。
嗨,安德烈·基塞尔尼科夫,
很高兴你的问题解决了。谢谢你的指示。
Thanks, PM_Dialog
HI Andrey_Kiselnikov
我也想在DSP上增加配对功能,
can u give me your source code for reference