[Problem with encryption and authentication] - PSoC Creator and CYBLE-022001-00

anlec_1602741
Level 1

Good morning,

I am currently developing software with PSoC Creator 3.3 on a CYBLE-022001-00 chip. My question is about security. This is my configuration:

General:

GATT Server.
GAP Peripheral.

GAP Settings (Security):

Security Mode: Mode 1.
Security Level: Authenticated pairing with encryption.
I/O Capabilities: Display Only.
Bonding requirement: No Bonding.
Encryption key size (bytes): 16.

I have created 2 services in a custom profile: one for reading and one for writing data. I have a bridge between BLE and I2C (I am using the project « Day035_I2C_BLE_Bridge » for that).

To have higher security between two devices, I am using encryption and authentication. I used the project « Day016_Authentication » to have the same thing. The problem is: during the authentication, I enter the passkey on a smartphone (the passkey generated by the CYBLE-022001-00), but if I fail the authentication, I am still able to write data to a characteristic and I am able to read this data with the I2C component.

In the profile properties, all permissions require encryption (encryption required) and authentication (authentication required).

Do you know how it is possible to write (and read) all characteristics even if the authentication fails?

Thank you for your answer.

Kind regards.

0 Likes
1 Solution
AnjanaM_61
Moderator

Hi,

You need to take care of this in the application firmware.

You should use the CyBle_GattsWriteAttributeValue API to write into the GATT DB of the server once you get a write request/command from the client.

Then check the GATT error by checking the error code of the API. If authentication fails, the error code will get generated.

Note: You need to follow a similar procedure for write requests also. The code should look something like this:

    gattErr = CyBle_GattsWriteAttributeValue(&wrReqParam.handleValPair, 0, &cyBle_connHandle, CYBLE_GATT_DB_PEER_INITIATED);

    if (gattErr == CYBLE_GATT_ERR_NONE)
    {
        /* Send Write Response */
        CyBle_GattsWriteRsp(cyBle_connHandle);
    }
    else
    {
        err_param.opcode = (uint8) CYBLE_GATT_WRITE_REQ;
        err_param.attrHandle = wrReqParam.handleValPair.attrHandle;
        err_param.errorCode = gattErr;

        /* Send Error Response */
        (void)CyBle_GattsErrorRsp(cyBle_connHandle, &err_param);
    }

-Anjana


0 Likes
2 Replies
Anonymous
Not applicable

It should be automatically rejecting the requests if they don't fulfill the permissions/security requirements. That said, try checking the values being sent to the BLESS callback event handler upon the reads/writes to see if the authentication/encryption bits are set upon receiving a read/write request.

   

Also, you could check that the software isn't passing every read/write request in the callback handler as well.

   

More or less, the issue probably lies in your event handler callback code.

0 Likes
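An added example, not code from this thread or from Cypress: a host-side C model of the point both replies make, that data may be bridged to I2C only after the permission-checked database write has succeeded. The types, permission bits, `db_write_peer` and `on_write_req` are hypothetical stand-ins for the stack and the event handler, and the order of the two security checks is a simplification; only the ATT error codes are the standard ones.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ATT error codes as defined by the Bluetooth Core Specification. */
#define ATT_ERR_NONE               0x00u
#define ATT_ERR_INSUFF_AUTHEN      0x05u
#define ATT_ERR_INVALID_ATTR_LEN   0x0Du
#define ATT_ERR_INSUFF_ENCRYPTION  0x0Fu
/* Hypothetical model of attribute permissions and link state (not Cypress types). */
#define PERM_ENC_REQ   0x01u
#define PERM_AUTH_REQ  0x02u
typedef struct { int encrypted, authenticated; } link_sec_t;
typedef struct { uint8_t perm, len, value[8]; } attr_t;
static uint8_t i2c_buf[8], i2c_len;   /* stands in for the buffer the I2C side reads */

/* Model of a peer-initiated DB write: permissions are checked before storing. */
static uint8_t db_write_peer(attr_t *a, const link_sec_t *s, const uint8_t *d, uint8_t n)
{
    if ((a->perm & PERM_AUTH_REQ) && !s->authenticated) return ATT_ERR_INSUFF_AUTHEN;
    if ((a->perm & PERM_ENC_REQ) && !s->encrypted)      return ATT_ERR_INSUFF_ENCRYPTION;
    if (n > sizeof a->value)                            return ATT_ERR_INVALID_ATTR_LEN;
    memcpy(a->value, d, n);
    a->len = n;
    return ATT_ERR_NONE;
}

/* Write-request handler. gated == 0 models a handler that bridges every request. */
static uint8_t on_write_req(attr_t *a, const link_sec_t *s, const uint8_t *d, uint8_t n, int gated)
{
    uint8_t err = db_write_peer(a, s, d, n);
    if (!gated || err == ATT_ERR_NONE) {
        i2c_len = (uint8_t)(n > sizeof i2c_buf ? sizeof i2c_buf : n);
        memcpy(i2c_buf, d, i2c_len);
    }
    return err;   /* 0: send Write Response; otherwise send Error Response with err */
}

int main(void)
{
    attr_t ch = { PERM_ENC_REQ | PERM_AUTH_REQ, 0, {0} };
    link_sec_t failed_pairing = { 0, 0 };      /* constructed: passkey entry failed */
    const uint8_t data[] = { 0xDE, 0xAD };     /* constructed payload */
    uint8_t err = on_write_req(&ch, &failed_pairing, data, sizeof data, 1);
    printf("gated:   err=0x%02X bridged=%u\n", (unsigned)err, (unsigned)i2c_len);
    err = on_write_req(&ch, &failed_pairing, data, sizeof data, 0);
    printf("ungated: err=0x%02X bridged=%u\n", (unsigned)err, (unsigned)i2c_len);
    return 0;
}
```

In both runs the database rejects the write with Insufficient Authentication; the difference is whether the handler lets the payload reach the I2C buffer anyway.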