How to control encryption setting

Mimura
How to control encryption setting

Hi Dialog.

We want to control an encryption setting of each characteristic.
Can we control an encryption setting of each characteristic?
If possible, can it be switched dynamically? (For example, toggling the setting each time a key is pressed.)

Thank you.

PM_Dialog
Staff
Hi Mimura,

Please check the ble_app_security example of the SDK. Encryption is automatically enabled when the Authentication (AUTH) is enabled on the characteristic. Also, you can have encryption on each characteristic when the Un-authentication (UNAUTH) is enabled. But in each case, you should configure your project with simple security. So, define USER_CFG_PAIR_METHOD_JUST_WORKS and un-define the USER_CFG_PAIR_METHOD_PASSKEY in the user_config.h header file of the ble_app_security project. Also, you should change the permissions of the characteristic. For example, suppose you would like to change the permissions of the CUST1_IDX_CONTROL_POINT_VAL. In case of authorization, you should configure it as PERM(WR, AUTH) and in case of un-authorization you should configure it as PERM(WR, UNAUTH). For more information about the security, please read the Tutorial 5: Pairing, Bonding & Security from our support page. Regarding the dynamic switching, let me check and I will get back to you as soon as possible. Be aware that we don’t have any example with this functionality.

Thanks, PM_Dialog
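
Added example, not part of the original thread and not Dialog SDK code: a small stand-alone model of how a GATT server maps the three permission rights discussed above (ENABLE, UNAUTH, AUTH) to the link security they require, and which ATT error a client receives when the link falls short. The enum and function names are hypothetical; the error codes are those of the Bluetooth Core Specification.

```c
#include <stdint.h>
#include <stdio.h>

/* ATT error codes from the Bluetooth Core Specification. */
#define ATT_OK                 0x00
#define ATT_ERR_INSUFF_AUTHEN  0x05
#define ATT_ERR_INSUFF_ENC     0x0F

/* Hypothetical names modelling the three PERM() rights used in the thread. */
typedef enum { REQ_ENABLE, REQ_UNAUTH, REQ_AUTH } att_req_t;

/* Security state of the current link. */
typedef enum { LINK_PLAIN, LINK_ENC_UNAUTH, LINK_ENC_AUTH } link_sec_t;

/* Decide whether an access is allowed; returns ATT_OK or an ATT error code.
 * has_ltk: a bonded key exists but encryption has not been started yet. */
uint8_t att_check(att_req_t req, link_sec_t link, int has_ltk)
{
    if (req == REQ_ENABLE)
        return ATT_OK;                       /* no security required */
    if (link == LINK_PLAIN)                  /* UNAUTH and AUTH both need encryption */
        return has_ltk ? ATT_ERR_INSUFF_ENC : ATT_ERR_INSUFF_AUTHEN;
    if (req == REQ_AUTH && link == LINK_ENC_UNAUTH)
        return ATT_ERR_INSUFF_AUTHEN;        /* Just Works key has no MITM protection */
    return ATT_OK;
}

int main(void)
{
    static const char *req_name[]  = { "ENABLE", "UNAUTH", "AUTH" };
    static const char *link_name[] = { "plain", "encrypted (Just Works)",
                                       "encrypted (passkey)" };
    /* Print the full decision matrix for a peer without a stored key. */
    for (int r = REQ_ENABLE; r <= REQ_AUTH; r++)
        for (int l = LINK_PLAIN; l <= LINK_ENC_AUTH; l++)
            printf("PERM(WR, %-6s) on %-24s -> 0x%02X\n", req_name[r],
                   link_name[l], att_check((att_req_t)r, (link_sec_t)l, 0));
    return 0;
}
```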

Mimura
Hi PM_Dialog

Thank you for your reply.

We need the permission with only encryption enabled.
In this case we configure PERM(WR, UNAUTH). Is my understanding correct?

Thank you.

PM_Dialog
Staff
Hi Mimura,

As it has been mentioned in the previous post, you are not able to enable only the encryption on a characteristic. If you would like encryption without authorization, yes, that’s correct.

Thanks, PM_Dialog

Mimura
Hi PM_Dialog

We would like to configure encryption = enable, authentication = no use, authorization = no use.
So it is PERM (WR, UNAUTH), right?

We also expect information on dynamically switching permissions.

Thank you.

Mimura
Hi PM_Dialog

I tried a communication test on the UNAUTH characteristic with the settings below. (I omitted a bit.)

[CUST1_IDX_CONTROL_POINT_RD_CHAR] = {... PERM(RD, ENABLE), ...},
[CUST1_IDX_CONTROL_POINT_RD_VAL] = {... PERM(NTF, ENABLE), ...},
[CUST1_IDX_CONTROL_POINT_RD_CFG] = {... PERM(RD, UNAUTH) | PERM(WR, UNAUTH), ...},
[CUST1_IDX_CONTROL_POINT_WR_CHAR] = {... PERM(RD, ENABLE), ...},
[CUST1_IDX_CONTROL_POINT_WR_VAL] = {... PERM(WR, UNAUTH), ...},

A notification via CUST1_IDX_CONTROL_POINT_RD_VAL to Android is no problem.
Also writing to CUST1_IDX_CONTROL_POINT_WR_VAL from Android is OK.
But the writing to CUST1_IDX_CONTROL_POINT_RD_CFG is not good.
Android indicates GATT INTERNAL ERROR, and it does not reach the handler gattc_write_cmd_ind_handler in the DA14580.
Is there some problem if a "Client Characteristic Configuration Descriptor" permission is set to UNAUTH?

Thank you.

PM_Dialog
Staff
Hi Mimura,

Conceptually, we cannot encrypt a characteristic, but we can always encrypt the value of a characteristic and decrypt it as well. With PERM (WR, UNAUTH) permission, you enable the encryption of the value of the characteristic without authentication. Could you please clarify and provide more information regarding dynamically switching permissions? Also, it is highly recommended to read the Tutorial 5: Pairing, Bonding & Security from our support page to better understand how the security works.

Thanks, PM_Dialog

Mimura
Hi PM_Dialog

Thank you for your advice.

I read Tutorial 5: Pairing, Bonding & Security, but my understanding is still poor.
(And this tutorial seems a little old. Is there an update? We use SDK 5.0.4.)
What we want to do is as follows.

1. Create the GATT DB with a mix of ENABLE and UNAUTH characteristics at initialization.
2. I want to disable the encryption of UNAUTH characteristics when receiving a trigger.

I think that creating the GATT DB is no problem. (But we have not solved the issue from Thu, 2018-10-25 10:48. Writing to the CCCD fails.)
I would like to switch from operation on UNAUTH to operation on ENABLE within that connection.
Is my explanation clear?

Thank you.

Mimura
Hi PM_Dialog

For example, is it possible to do the following?

1. Add a variable to control security (encryption).
2. Modify default_app_on_connection like below
void default_app_on_connection(uint8_t connection_idx, struct gapc_connection_req_ind const *param)
{
    if (app_env[connection_idx].conidx != GAP_INVALID_CONIDX)
    {
        /* (Omitted) */

        if ((user_default_hnd_conf.security_request_scenario == DEF_SEC_REQ_ON_CONNECT) && (BLE_APP_SEC)
            && (new_variable == 1) /* <- add a condition. */
           )
        {
            app_easy_security_request(connection_idx);
        }
    }
    else
    {
        /* (Omitted) */
    }
}

Can we control encryption by setting this variable to 0 and 1?

Thank you.

PM_Dialog
Staff
Hi Mimura,

Let me check your query and I will get back to you as soon as possible.

Thanks, PM_Dialog

PM_Dialog
Staff
Hi Mimura,

I am not able to understand what you are trying to do with the attached code snippet, but be aware that all the permissions are stored in the app_prf_srv_perm table. Please check prf_init_srv_perm(). The default_app_on_init() calls the prf_init_srv_perm() function in the system initialization for all the services.

Thanks, PM_Dialog