2 Replies Latest reply on May 7, 2017 11:07 PM by anpm

    [Problem with encryption and authentication] - PSoC Creator and CYBLE-022001-00

    aledda_1602741

      Good morning,

         

      I am currently developping software with PSoC Creator 3.3 on a chip CYBLE-022001-00. My question is about the security. This is my configuration :

         

      General :

         

      GATT Server.
      GAP Paripheral.

         

      GAP Settings (Security) :

         

      Security Mode : Mode 1.
      Security Level : Authenticated pairing with encryption.
      I/O Capabilities : Display Only.
      Bonding requirement : No Bonding.
      Encryption key size (bytes) : 16.

         

       

         

      I have created 2 Services in a Custom profile : One for Read and one for write data. I have a bridge between BLE and I2C (i am using a project « Day035_I2C_BLE_Bridge » for that).

         

      To have an higher security betweek two devices, i am using encryption and authentication. I used the project « Day016_Authentication » to have the same thing. The problem is : during the authentication, i enter the passkey in a smartphone (the passkey generated by the cyble-022001-00), but if i fail the authentication, i am still able to write data in a characteristic and i am able to read theses datas with the I2C component.

         

      In the profile properties, all permissions need an encryption (encryption required) and an authentication (authentication required).

         

      Do you know how it is possible to write (and read) in all characteristics even if the anthentication if fail ?

         

      Thank you for your answer.

         

       

         

      Kind regards.

        • 1. Re: [Problem with encryption and authentication] - PSoC Creator and CYBLE-022001-00
          e.pratt_1639216

          It should be automatically rejecting the requests if they don't fulfill the permissions/security requirements. That said, try checking the values being sent to the BLESS callback event handler upon the reads/writes to see if the authentication/encryption bits are set upon receiving a read/write request.

             

          Also, you could check that the software isn't passing every read/write request in the callback handler as well.

             

          More or less, the issue probably lies in your event handler callback code.

          • 2. Re: [Problem with encryption and authentication] - PSoC Creator and CYBLE-022001-00
            anpm

            Hi,

               

             

               

            You need to take care this in the application firmware.

               

            You should use CyBle_GattsWriteAttributeValue API to write in to GATT DB of server once you got a write request/command from client.

               

            Then check the gatt error by checking the error code of API . If authentication fails, the error code will get generated. 

               


            Note: You need to follow a similar procedure for write requests also. The code should look something like this: gattErr = CyBle_GattsWriteAttributeValue(&wrReqParam.handleValPair,0,&cyBle_connHandle,CYBLE_GATT_DB_PEER_INITIATED);

               

            if(gattErr == CYBLE_GATT_ERR_NONE)

               

            { /* Send Write Response */ CyBle_GattsWriteRsp(cyBle_connHandle); }

               

            else { err_param.opcode = (uint8) CYBLE_GATT_WRITE_REQ;

               

            err_param.attrHandle = wrReqParam.handleValPair.attrHandle;

               

            err_param.errorCode = gattErr;

               

            /* Send Error Response */ (void)CyBle_GattsErrorRsp(cyBle_connHandle, &err_param); }
             

               

            -Anjana