6 Replies Latest reply on Mar 24, 2020 3:38 PM by PY_21

    authorization clarification

    maze_1672671

      Hello all,

       

      I would like to use authorization, so I call:

       

      if (CYBLE_GATT_ERR_NONE != CyBle_GattsDbAuthorize(0)) {
          DBG_ERR ;
      }
      else {
          DBG_puts("NON autorizzato") ;   /* I see this print, so the database is not authorized */
      }

       

      CyBle_GappStartAdvertisement(CYBLE_ADVERTISING_FAST) ;

       

      When I try to access a characteristic that should be authorized, I get:

       

      [15:54:36:727] : 'Write Characteristic Value' request sent
      [15:54:36:727] : Attribute Handle: 0x001D
      [15:54:36:727] : Value: [AA]
      [15:54:36:731] : 'Command Status' event received
      [15:54:36:731] : Status: BLE_STATUS_OK
      [15:54:36:740] : 'Command Complete' event received
      [15:54:36:740] : Status: BLE_STATUS_OK                                   Write is OK !
      [15:54:36:747] : 'Read Characteristic Value' request sent
      [15:54:36:747] : Attribute Handle: 0x001D
      [15:54:36:750] : 'Command Status' event received
      [15:54:36:750] : Status: BLE_STATUS_OK
      [15:54:36:767] : 'GATT Error Notification' event received
      [15:54:36:767] : Error Code: BLE_GATT_ERR_INSUFFICIENT_AUTHORIZATION
      Error: gpm.M1008: Read characteristic value failed. Insufficient authorization.

       

      Moreover, in the source code, CYBLE_EVT_GATTS_WRITE_REQ happens!

       

      It seems that only reading is subject to authentication, but in the 4.2 specs I found that 4.9.3 Write Characteristic Value uses 3.4.5.1 Write Request, which says:

       

      If the client has insufficient authorization to write the requested attribute then an Error Response shall be sent with the error code «Insufficient Authorization».

       

      So the specs say that writes must also follow authorization.

       

      Attached you can find the configuration and the attributes discovered by CySmart, so you can check that handle 0x001D belongs to the characteristic that is subject to read and write authorization.

       

      Can someone explain what is happening?

        • 1. Re: authorization clarification
          PY_21

          Hello,

           

          We have replicated the problem. We have forwarded your query to the product development team, who will evaluate your query. We will get back to you soon.

          Thank you for reporting the issue.

           

          Thanks,

          P Yugandhar.

          • 2. Re: authorization clarification
            maze_1672671

            Hello Yugandhar,

             

            I also found that CYBLE_EVT_GATTS_READ_CHAR_VAL_ACCESS_REQ happens, so the read fails from the client's viewpoint, but from the server's perspective it worked.

            • 3. Re: authorization clarification
              maze_1672671

              No news?

               

              Do you have a workaround?

              • 4. Re: authorization clarification
                PY_21

                Hello,

                 

                Please add the code below in the CYBLE_EVT_GATTS_WRITE_REQ event. It will give Insufficient Authorization while writing data (if the client has insufficient authorization).

                **************************************
                case CYBLE_EVT_GATTS_WRITE_REQ:
                    {
                        /* wrReqParam is assumed to be a CYBLE_GATTS_WRITE_REQ_PARAM_T * declared in the enclosing event handler */
                        wrReqParam = (CYBLE_GATTS_WRITE_REQ_PARAM_T *) eventParam;
                        CYBLE_GATT_ERR_CODE_T gattErr = CYBLE_GATT_ERR_NONE;
                        printf("\r\n write request ");

                        /* Peer-initiated write: the returned code carries any permission failure */
                        gattErr = CyBle_GattsWriteAttributeValue(&wrReqParam->handleValPair, 0, &cyBle_connHandle, CYBLE_GATT_DB_PEER_INITIATED);

                        if(gattErr != CYBLE_GATT_ERR_NONE)
                        {
                            CYBLE_GATTS_ERR_PARAM_T err_param;

                            err_param.opcode = (uint8) CYBLE_GATT_WRITE_REQ;
                            err_param.attrHandle = wrReqParam->handleValPair.attrHandle;
                            err_param.errorCode = gattErr;
                            /* Send Error Response */
                            (void)CyBle_GattsErrorRsp(wrReqParam->connHandle, &err_param);
                        }
                        else
                        {
                            /* Write accepted: acknowledge with a Write Response */
                            (void)CyBle_GattsWriteRsp(wrReqParam->connHandle);
                        }
                    }
                    break;
                **************************************

                 

                Thanks,
                P Yugandhar.

                • 5. Re: authorization clarification
                  maze_1672671

                  Hello Yugandhar,

                   

                  Thank you for your answer.

                   

                  Instead of altering the db, can I check authorization with CyBle_GattsReadAttributeValue and CYBLE_GATT_DB_PEER_INITIATED?

                  • 6. Re: authorization clarification
                    PY_21

                    The function CyBle_GattsReadAttributeValue() is used to read the value field of the specified attribute from the GATT database in a GATT Server. Peer initiated call to this function results in the function checking for attribute permissions before performing this operation.

                     

                    Thanks,
                    P Yugandhar.
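
Added example, not part of any post in this thread and not Cypress code: a stand-alone C model of the server behaviour the thread expects, where one authorization gate covers both Read Request and Write Request on handle 0x001D and is evaluated before the database is modified. The attribute table, permission flags, `link_authorized` and `att_handle` are hypothetical names; the opcodes and error code 0x08 are the ATT values from the Bluetooth Core Specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ATT opcodes and error code as defined by the Bluetooth Core Specification. */
enum { ATT_ERROR_RSP = 0x01, ATT_READ_REQ = 0x0A, ATT_READ_RSP = 0x0B,
       ATT_WRITE_REQ = 0x12, ATT_WRITE_RSP = 0x13,
       ATT_ERR_INSUFFICIENT_AUTHORIZATION = 0x08 };
/* Hypothetical permission flags and attribute entry used only by this model. */
enum { PERM_READ_AUTHZ = 1u << 0, PERM_WRITE_AUTHZ = 1u << 1 };
typedef struct { uint16_t handle; uint8_t perms; uint8_t value; } attr_t;
static attr_t db[] = { { 0x001D, PERM_READ_AUTHZ | PERM_WRITE_AUTHZ, 0x00 } };
static int link_authorized = 0;  /* set once the application approves the peer */

static attr_t *find_attr(uint16_t handle) {
    for (size_t i = 0; i < sizeof db / sizeof db[0]; i++)
        if (db[i].handle == handle) return &db[i];
    return NULL;
}

/* Handle one Read/Write Request; fills rsp with the response PDU, returns its length. */
size_t att_handle(const uint8_t *req, size_t len, uint8_t *rsp) {
    if (len < 3) return 0;
    uint8_t op = req[0];
    uint16_t handle = (uint16_t)(req[1] | (req[2] << 8));
    attr_t *a = find_attr(handle);
    uint8_t need = (op == ATT_WRITE_REQ) ? PERM_WRITE_AUTHZ : PERM_READ_AUTHZ;
    if (a == NULL || (op != ATT_READ_REQ && op != ATT_WRITE_REQ) ||
        (op == ATT_WRITE_REQ && len < 4)) return 0;  /* outside this model's scope */
    /* Same gate for both directions, checked before the database is touched. */
    if ((a->perms & need) && !link_authorized) {
        uint8_t err[5] = { ATT_ERROR_RSP, op, req[1], req[2],
                           ATT_ERR_INSUFFICIENT_AUTHORIZATION };
        memcpy(rsp, err, sizeof err);
        return sizeof err;
    }
    if (op == ATT_WRITE_REQ) { a->value = req[3]; rsp[0] = ATT_WRITE_RSP; return 1; }
    rsp[0] = ATT_READ_RSP; rsp[1] = a->value; return 2;
}

int main(void) {
    const uint8_t wr[] = { ATT_WRITE_REQ, 0x1D, 0x00, 0xAA };  /* constructed request */
    uint8_t rsp[8];
    size_t n = att_handle(wr, sizeof wr, rsp);
    printf("unauthorized write: %zu bytes, opcode 0x%02X, error 0x%02X\n", n, rsp[0], rsp[4]);
    link_authorized = 1;
    n = att_handle(wr, sizeof wr, rsp);
    printf("authorized write:   %zu bytes, opcode 0x%02X\n", n, rsp[0]);
    return 0;
}
```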