Hi, I would like to enable the security feature in this reference design. I passed all steps form tutorials and software portion guide. Now DA1485 device asked the pin-code from the phone, but all its services are in free access for phone, and it can work without code confirmation.
ps. Of course, the proprietary application DSPS skips the connection, but my one can pair and work without any confirmation.
设备:
嗨Andrey_Kiselnikov,
Could you please clarify which SDK are you using? Be aware that the security tutorial is based on the SDK 6.0.4. It is highly recommended to use the latest version of SDK6.0.8.
Thanks, PM_Dialog
我使用这个项目包中的SDK。在此项目附加的发布说明中写道,它基于SDK 6.0.6。
您好,您对此问题有任何更新吗?
嗨Andrey_Kiselnikov,
You have to change the permission to each characteristic in order to be authorized. If you set the characteristic as AUTH this means that you will add security into the characteristic and an authorization is needed. Could you please clarify which security scenario are you using? Please check the .security_request_scenario of user_default_hnd_conf structure into the user_config.h header file. With DEF_SEC_REQ_NEVER option an authorization is required during read/write of a characteristic and with DEF_SEC_REQ_ON_CONNECT an authorization is required during connection
Thanks, PM_Dialog
我检查了这两种情况。使用def_sec_req_on_connect授权所需,但我可以通过设备跳过并读取和写入数据。使用def_sec_req_never,我可以在没有任何安全请求的情况下完成所有内容。此外,我在使用DA14580设备的论坛上发现了同样的问题(连接附加的链接)。https://support.dialog-semicondiondiondum/forums/post/dialog-smartbond-bl ...–-software/only-allow-pairing-requests-pin-code
ps. It is very strange that security requests on reading and write operations are enabled by choosing the parameter "DEF_SEC_REQ_NEVER ".
您好,您对此问题有任何更新吗?
嗨Andrey_Kiselnikov,
Could you please download firmware from the default ble_app_security example of the SDK6? Do you face the same problem? I have tested and I am not able to replicate your problem. Also, could you please clarify if you develop your own application or if you tried to modify the default ble_app_security example? The DEF_SEC_REQ_NEVER is referred to the security scenario and it does not mean that the security is enabled when requests on reading and write operations by choosing the parameter. Be aware that each characteristic has its own security. Please check if you are using the app_set_prf_srv_perm(TASK_ID_CUSTS1, APP_CUSTS1_SEC_REQ); command. This command enables the security of all the characteristics and overrides the permissions that you give them into the database.So, if you are using this, you will be able to access all the characteristics of the database without any security request. The past thread that you posted is for DA14680 chip and not for DA14580, so this will not help you.
Thanks, PM_Dialog
我使用DSPS V6.150.2参考项目(https://support.dialog-semiconductor.com/resource/da14585-dialog-serial-...), not with ble_app_security example. So, I need to enable security in this reference project. The problem is that this reference design provides to phone all services on pairing request, but I enabled all security settings.
嗨Andrey_Kiselnikov,
DSP参考应用程序不支持安全性,因此如果要使用此应用程序,则需要自己实现。正如我已经提到的那样,DSPS演示不使用安全功能,因此设备之间没有配对,这就是为什么您能够在不配对的情况下读取/写入该特征。您可以通过在da1458x_config_basic.h中设置cfg_app_security定义来启用安全性,并且还将成员Security_Request_scenario更改为def_sec_req_on_connect,以便在连接时请求安全性。这将根据位于User_Security_Information中的User_Config.h文件中的参数来绑定您的设备。请检查一下ble_app_security.为了了解如何实现安全功能的SDK示例。此外,我强烈建议您遵循这些步骤Tutorial 5 : Pairing , Bonding & Security" to enable security in the DSPS. You will be able to find the tutorial in the Documents tab at the Tutorials section or by following the below link
https://support.dialog-seminile.com/system/files/restricted/training_05_ble_security_example_v1.1.pdf.
Thanks, PM_Dialog
在开始在论坛之前,我在上一篇文章中完成了所有这些步骤。问题是,在启用所有安全功能(根据培训5手册)后,以及软件部分指南的建议我有下一个情况:
1.尝试将设备连接到电话后,该设备向手机应用程序发送配对请求
2. I see a system dialog window with pin-code entrance textbox
3.我可以跳过这个窗口,阅读和写作服务仍然可以从手机中获得
因此,我需要帮助更改user_app_callbacks结构或default_app_on_connection函数,因为它在获取代码交换过程的结果之前,它可以启用所有服务。
嗨Andrey_Kiselnikov,
Please check the user_app_init() function from the ble_app_security example of the SDK. If the BLE_APP_SEC is defined, then the app_set_prf_srv_perm(TASK_ID_CUSTS1, APP_CUSTS1_SEC_REQ) will executed. This function sets the service permission access rights for a profile, according to APP_CUSTS1_SEC_REQ definition. Could you please change the APP_CUSTS1_SEC_REQ to SRV_PERM_AUTH? It seems that the security is disabled from the profile database
Thanks, PM_Dialog
此函数 - app_set_prf_srv_perm()在“DSPS-V61502”项目中,但从未执行,我应该在哪里添加它来执行?
您好,您对此问题有任何更新吗?
Hi, are anybody there?
嗨Andrey_Kiselnikov,
3.我可以跳过这个窗口,阅读和写作服务仍然可以从手机中获得
The gapc_bond_ind_handler() should be called if you refuse the pairing, and this function will disconnect the phone.
static const struct ke_msg_handler app_sec_process_handlers [] =
{
.......
{gapc_bond_ind,(ke_msg_func_t)gapc_bond_ind_handler},
谢谢,但如果我输入错误的密钥,则该程序仅进入“GAPC_BOND_IND_HAND_HANDLER”中的“GAPC_PAIRING_FAILED:”。如果我在电话屏幕上逃脱这个窗口或忽略它,程序仍然可以工作。
嗨安德烈,
You can test the different IO capability type in use_config.h. I think you should disable user escape the pairing window on the phone.
你能用Light Bule来测试你的固件吗?
/************************************************************
*设备IO功能(@see gap_io_cap)
*
* - 只显示GAP_IO_CAP_DISPLAY_ONLY
* - GAP_IO_CAP_DISPLAY_YES_NO Display Yes No
* - GAP_IO_CAP_KB_ONLY Keyboard Only
* - GAP_IO_CAP_NO_INPUT_NO_OUTPUT无输入无输出
* - GAP_IO_CAP_KB_DISPLAY Keyboard Display
*
*仅选择一个选项。
************************************************************
*/
#define user_cfg_feat_io_cap gap_io_cap_no_input_no_output // gap_io_cap_display_yes_no
测试它们,它仍然能够连接而不确认密钥。
我通过替换在密钥_succeed案例之后在安全任务状态机中替换发送功能消息功能来找到解决方案。
嗨Andrey_Kiselnikov,
很高兴您的问题已得到修复。谢谢你的迹象。
Thanks, PM_Dialog
嗨Andrey_Kiselnikov.
我想要在DSP上添加对功能,
can u give me your source code for reference