Any tips on how to implement a secure server when the client uses the 'random' address type? I found that with "bonding requirement" set to "Bonding" my server would still accept a connection from an un-bound client. So I set the Advertising Filter Policy to "Scan request: Any | Connect request: White list" and wrote some code to keep the whitelist aligned with the bonded devices list. This worked well until I encountered a client device that used a random address for privacy (CyBle_GapGetPeerBdAddr returns type 1 in CYBLE_GAP_BD_ADDR_T:type). Now it works fine immediately after bonding, but gets locked out (because of whitelisting) when the address changes.
So how can I prevent un-bonded clients from connecting while allowing bonded clients which use random addresses?
EDIT: Arghh! On further research I tried:
case CYBLE_EVT_GAP_AUTH_REQ:
wrAuthInfo = (CYBLE_GAP_AUTH_INFO_T *)eventParam;
if (bond_closed) {
wrAuthInfo->bonding = CYBLE_GAP_BONDING_NONE;
wrAuthInfo->authErr = CYBLE_GAP_AUTH_ERROR_AUTHENTICATION_REQ_NOT_MET;
}
break;
In my event handler. This appears to be quantum code - if I have a breakpoint in the conditional it gets triggered and the pairing request is rejected as intended. However remove that breakpoint and pairing (with bonding) happens as if the conditional is false!
I am beginning to see why so much IoT technology gets shipped insecure! I've spent days banging my head against this brick wall - all my good intentions get thwarted by awful documentation and "insecure by default" APIs!
Help please!
