authorization clarification

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
lock attach
Attachments are accessible only for community members.
maze_1672671
Level 4
Level 4
First like received 25 replies posted 25 sign-ins

Hello all,

I would like to use authorization, so I call:

if (CYBLE_GATT_ERR_NONE != CyBle_GattsDbAuthorize(0)) {

    DBG_ERR ;

}

else {

    DBG_puts("NON autorizzato") ;          I see this print, so database is not authorized

}

CyBle_GappStartAdvertisement(CYBLE_ADVERTISING_FAST) ;

When I try to access a characteristic that should be authorized, I get:

[15:54:36:727] : 'Write Characteristic Value' request sent

[15:54:36:727] : Attribute Handle: 0x001D

[15:54:36:727] : Value: [AA]

[15:54:36:731] : 'Command Status' event received

[15:54:36:731] : Status: BLE_STATUS_OK

[15:54:36:740] : 'Command Complete' event received

[15:54:36:740] : Status: BLE_STATUS_OK                                   Write is OK !

[15:54:36:747] : 'Read Characteristic Value' request sent

[15:54:36:747] : Attribute Handle: 0x001D

[15:54:36:750] : 'Command Status' event received

[15:54:36:750] : Status: BLE_STATUS_OK

[15:54:36:767] : 'GATT Error Notification' event received

[15:54:36:767] : Error Code: BLE_GATT_ERR_INSUFFICIENT_AUTHORIZATION

Error: gpm.M1008: Read characteristic value failed. Insufficient authorization.

Moreover, in the source code, CYBLE_EVT_GATTS_WRITE_REQ happens!

It seems that only reading is subjected to authentication, but in the 4.2 specs I found that 4.9.3 Write Characteristic Value uses 3.4.5.1 Write Request, which says:

If the client has insufficient authorization to write the requested attribute then an Error Response shall be sent with the error code «Insufficient Authorization».

So specs say that also write must follow authorization

Here attached you can find the configuration and the attribute discovered by cysmart, so you can check that 0x001D handle belongs to the characteristic that is subjected to read and write authorization

Can someone explain what is happening?

0 Likes
1 Solution

Hello,

Please add the below code in the CYBLE_EVT_GATTS_WRITE_REQ event, it will give Insufficient Authorization while writing data (If the client has insufficient authorization).

**************************************
case CYBLE_EVT_GATTS_WRITE_REQ:
    {
        wrReqParam = (CYBLE_GATTS_WRITE_REQ_PARAM_T *) eventParam;
        CYBLE_GATT_ERR_CODE_T gattErr = CYBLE_GATT_ERR_NONE;
        printf("\r\n write request ");
     
       gattErr = CyBle_GattsWriteAttributeValue(&wrReqParam->handleValPair,0,&cyBle_connHandle,CYBLE_GATT_DB_PEER_INITIATED);

        if(gattErr != CYBLE_GATT_ERR_NONE)
        {
            CYBLE_GATTS_ERR_PARAM_T err_param;
          
            err_param.opcode = (uint8) CYBLE_GATT_WRITE_REQ;
            err_param.attrHandle = wrReqParam->handleValPair.attrHandle;
            err_param.errorCode = gattErr;
            /* Send Error Response */
            (void)CyBle_GattsErrorRsp(wrReqParam->connHandle, &err_param);
        }
        else
        {
            (void)CyBle_GattsWriteRsp(wrReqParam->connHandle);
        }
    break;
**************************************

Thanks,
P Yugandhar.

View solution in original post

0 Likes
6 Replies
Yugandhar
Moderator
Moderator
Moderator
500 solutions authored 1000 replies posted 5 likes given

Hello,

We have replicated the problem. We have forwarded your query to the product development team, who will evaluate your query. We will get back to you soon.

Thank you for informing the issue.

Thanks,

P Yugandhar.

0 Likes

Hello Yugandhar,

I also found that CYBLE_EVT_GATTS_READ_CHAR_VAL_ACCESS_REQ happens so the read fails by client's viewpoint but from the server perspective it worked

0 Likes

No news?

Do you have a workaround?

0 Likes

Hello,

Please add the below code in the CYBLE_EVT_GATTS_WRITE_REQ event, it will give Insufficient Authorization while writing data (If the client has insufficient authorization).

**************************************
case CYBLE_EVT_GATTS_WRITE_REQ:
    {
        wrReqParam = (CYBLE_GATTS_WRITE_REQ_PARAM_T *) eventParam;
        CYBLE_GATT_ERR_CODE_T gattErr = CYBLE_GATT_ERR_NONE;
        printf("\r\n write request ");
     
       gattErr = CyBle_GattsWriteAttributeValue(&wrReqParam->handleValPair,0,&cyBle_connHandle,CYBLE_GATT_DB_PEER_INITIATED);

        if(gattErr != CYBLE_GATT_ERR_NONE)
        {
            CYBLE_GATTS_ERR_PARAM_T err_param;
          
            err_param.opcode = (uint8) CYBLE_GATT_WRITE_REQ;
            err_param.attrHandle = wrReqParam->handleValPair.attrHandle;
            err_param.errorCode = gattErr;
            /* Send Error Response */
            (void)CyBle_GattsErrorRsp(wrReqParam->connHandle, &err_param);
        }
        else
        {
            (void)CyBle_GattsWriteRsp(wrReqParam->connHandle);
        }
    break;
**************************************

Thanks,
P Yugandhar.

0 Likes

Hello Yugandhar,

Thank you for your anwer

Instead of altering the db, can I check authorization with CyBle_GattsReadAttributeValue and CYBLE_GATT_DB_PEER_INITIATED?

0 Likes

The function CyBle_GattsReadAttributeValue() is used to read the value field of the specified attribute from the GATT database in a GATT Server. Peer initiated call to this function results in the function checking for attribute permissions before performing this operation.

Thanks,
P Yugandhar.

0 Likes