This example demonstrates the implementation of different security levels of pairing and the data transfer in a multi-connection environment.
This project instantiates a data hub that plays the roles of GAP Central, GAP Peripheral, GATT Client and GATT Server at the same time, and that is able to pair with up to 3 slaves at different security levels. In addition, the device will also be able to pair with a Master, to which it can send the data collected from the slaves or distribute the data from the master to the slaves.
Programming Language: C
Associated Parts: CYW20819
Related Hardware: CYW920819EVB-02 Board (2 to 4 required)
Figure 1: Block Diagram
As shown in the above block diagram, the Secure Hub can connect with up to 3 slave devices (programmed with hello_sensor project). It in turn serves as a slave for a master device. All the CYW20819 devices will be able to communicate with the PC via PUART interfaces that appear as serial terminal COM Ports in the PC.
Firmware Flow of secure_hub Device:
Figure 2: Firmware Flow
- application_start is the program entry point. Here the peripheral UART is set for displaying Debug Messages. The BT Stack and the corresponding management callback are started using the wiced_bt_stack_init () API.
- db_management_cback() function in secure_hub.c handles the events generated for the BLE Stack. The BTM_ENABLED_EVT indicates that the Bluetooth stack is ready. Upon the reception of this event, we start the Non-Connectable High Duty Cycle advertisement. The Timer and GPIO Interrupts are registered. The Timer and GPIO Button Press Interrupt callbacks increment the suffix in the Device Name by 1 and then continues the advertisement with the incremented name.
- In the secure_hub and the hello_sensor projects, the user needs to enter the desired security level and IO Capabilities via console. The console accepts inputs via PUART. The 4 security levels supported in this project are
- Just Works
- LE Secure Connection
- LE Secure Connection with MITM
- The hello_sensor project starts advertising, once these details are entered. A Scan is initiated via GPIO Interrupt button press on the secure_hub device. The UUID of the service available in the hello_sensor node is verified in the callback, after which the connection is initiated by the secure_hub.
- Once a connection is established with the slave, the secure_hub performs a GATT Discovery of the slave using the custom UUIDs of hello_service. The discovery happens in 3 stages:
The GATT DB of the hello_sensor device contains the hello service. The hello_service contains two characteristics (Refer hello_sensor/gatt_db.c and hello_sensor/gatt_db.h files)
- HANDLE_HSENS_SERVICE_CHAR_NOTIFY:This characteristic has the properties of Notification and Indication. The Bytes to be notified / indicated are typed in the serial terminal of the hello_sensor device and are transmitted as Notification or Indication to the secure_hub.
- HANDLE_HSENS_SERVICE_CHAR_BLINK:This characteristic has the properties of Read and Write. The secure nature of the application is demonstrated using this characteristic. In the gatt_db.c file of the hello_sensor, it can be noticed that the permissions of this characteristic include these bitmasks: LEGATTDB_PERM_WRITE_REQ| LEGATTDB_PERM_AUTH_WRITABLE. This means that this characteristic can be written only when the link has been paired with MITM (Man in the middle protection). Security Levels (either BTM_LE_AUTH_REQ_MITM or BTM_LE_AUTH_REQ_SC_MITM. The user has to manually take care of this in the application level. When other security levels are used, a write to this characteristic will result in an “Insufficient Authentication” error. Once this characteristic is successfully written by a one byte value, the Red LED on the board blinks as many times as the written value. By the end of the discovery, the secure_hub device stores the Attribute handles of the HANDLE_HSENS_SERVICE_CHAR_BLINK characteristic and the CCCD (Client Characteristic Configuration Descriptor) of the HANDLE_HSENS_SERVICE_CHAR_NOTIFY characteristic. With the attribute handles, the secure_hub device can write to these characteristics descriptors. The CCCD Handle is required, so that the notifications / indications can be enabled / disabled on the hello_sensor slaves. The handles are stored in a global structure g_secure_hub.
- The GATT DB of the secure_hub device correspondingly has two characteristics HANDLE_SECURE_HUB_SERVICE_CHAR_NOTIFY and HANDLE_SECURE_HUB_SERVICE_CHAR_LED_WRITE. The former is used to transmit the Notifications / Indications received from the hello_sensor devices to the master (if present any). Such notifications are appended along with the Connection ID of the slave, so that the master can identify the slave that has sent the notification. The latter is used to receive writes from the master, which is in-turn written to the HANDLE_HSENS_SERVICE_CHAR_BLINK characteristic on the hello_sensor slaves.
- At any instant, a new slave may be connected to the secure_hub or a old one may detach itself by pressing the SW1 button the board. A maximum of 3 hello_sensor slaves can be connected to the secure_hub device at a time, in addition to a master. The secure_hub keeps advertising, until a master has connected to it. It will again start advertising when the master has disconnected from it.
Programming and Testing:
- Install the ModusToolBox 1.1 (or above) in your PC. Plug in two CYW920819EVB-02 Boards and let the drivers bind to the devices. Make sure the jumpers are in place. For more details, please refer Getting Started with CYW20819.
- Refer this Knowledge Base Article for importing a new ModustoolBox Project.
- Open two windows of Serial Terminal (Example: Teraterm Coolterm), and bind each of those windows to the PUART COM Ports of each devices. Each device has two COM Ports with consecutive numbers. The COM Port with the bigger number corresponds to the PUART that displays Debug Messages. The one with the smaller number corresponds to the HCI UART. The BaudRate is set to 115200 in the firmware. Make sure the BaudRate in serial terminals is also set to 115200.
- Select the secure_hub project you created, and click on ‘Build and Program’ as shown in below figure. You can see the Secure_hub program being built and downloaded into one of the boards. (For more details or troubleshooting, please refer the Getting Started with CYW20819)
- Similarly program the hello_sensor firmware to another device.
- In the Teraterm, the debug logs can be seen asking to select the security level among these 4 – No Security, MITM (Man in the middle), LE Secure Connection, LE Secure Connection with MITM. Select the appropriate security level on either device, by entering the corresponding number. Following this, for the security levels that involve MITM, you will have to select the IO Capabilities. The user has to select the MITM.
- The hello_sensor device will start to advertise. In the secure_hub device, press the SW3 button for more than 5 seconds for the scan to start. Once the secure_hub finds the hello_sensor device advertising, it will automatically initiate connection and pairing process. In case of the security levels with MITM, passkey entry might be required, where the user has to enter the passkey displayed by one device as input to another device.
- The secure_hub device keeps advertising and it can be connected to another central (any BLE App on Smart Phone, say CySmart.)
- Once the pairing is complete, the secure_hub automatically enables notifications on the hello_sensor device. The user will be able to send notifications by directly typing on the terminal of the hello_sensor byte by byte. The secure_hub displays the notifications received from the hello_sensor and in turn sends them to the Central if present, and if notifications / indications have been enabled by the Central.
- At any time, another hello_sensor device can be connected the secure_hub by following steps 7,8,9 while preserving the existing connection. A maximum of 3 hello_sensor devices can be connected to the secure hub.
- The Central can send write requests to the secure_hub which in turn performs write requests to the slave hello_sensor devices connected to it.
Note: When the secure_hub tries to write to a slave with which it has paired with security levels without MITM, it will receive “Insufficient Authentication Error”. Also, when the master tries to write to the secure_hub, when no slaves are connected to the secure_hub, it will result in an “insufficient authorization” error.
Table -1 lists all relevant application notes, code examples, knowledge base articles, device datasheets, and Component / user module datasheets.
Table 1: Related Documents
AN225684 - Getting Started with CYW20819
This Getting Started Guide can be downloaded from here.
CYW920819EVB-02 Evaluation Kit User Guide
This Evaluation Kit User Guide can be downloaded from here.
Secure_Hub_CYW20819.zip 2.3 MB