Hello All,
I am using the nRF52805M module from Fanstel (LINK), with code based on the nRF SDK and the S112 SoftDevice.
Things work great normally, but in order to satisfy the cyber security requirements I am enabling BLE encryption and MITM protection using the code below in the nRF SDK.
After enabling it (I only changed lines 61 and 62 from SEC_OPEN to SEC_MITM), I am not able to communicate: when I write to the write characteristic using the nRF Connect app, it says "Insufficient Encryption".
Do I need to modify anything else as well?
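/**@brief Function for initializing the Nordic UART Service (NUS).
 *
 * @details Registers the vendor-specific base UUID, adds the primary service, then adds the
 *          RX characteristic (write / write without response) and the TX characteristic
 *          (notify).
 *
 * @param[out] p_nus      Service structure; receives the data handler, UUID type, service
 *                        handle and the RX/TX characteristic handles.
 * @param[in]  p_nus_init Initialization parameters; only data_handler is read here.
 *
 * @return The error code of the first call that fails, otherwise the result of adding the TX
 *         characteristic. The early returns taken by the VERIFY_* macros are defined outside
 *         this listing (presumably an error code on NULL / non-success, to be confirmed).
 */
uint32_t ble_nus_init(ble_nus_t * p_nus, ble_nus_init_t const * p_nus_init)
{
    ret_code_t            err_code;
    ble_uuid_t            ble_uuid;
    ble_uuid128_t         nus_base_uuid = NUS_BASE_UUID;
    ble_add_char_params_t add_char_params;

    printf("\nDbg8\n");

    VERIFY_PARAM_NOT_NULL(p_nus);
    VERIFY_PARAM_NOT_NULL(p_nus_init);

    // Initialize the service structure.
    p_nus->data_handler = p_nus_init->data_handler;

    /**@snippet [Adding proprietary Service to the SoftDevice] */
    // Add a custom base UUID.
    err_code = sd_ble_uuid_vs_add(&nus_base_uuid, &p_nus->uuid_type);
    VERIFY_SUCCESS(err_code);

    ble_uuid.type = p_nus->uuid_type;
    ble_uuid.uuid = BLE_UUID_NUS_SERVICE;

    // Add the service.
    err_code = sd_ble_gatts_service_add(BLE_GATTS_SRVC_TYPE_PRIMARY,
                                        &ble_uuid,
                                        &p_nus->service_handle);
    /**@snippet [Adding proprietary Service to the SoftDevice] */
    VERIFY_SUCCESS(err_code);

    // Add the RX Characteristic.
    memset(&add_char_params, 0, sizeof(add_char_params));
    add_char_params.uuid                     = BLE_UUID_NUS_RX_CHARACTERISTIC;
    add_char_params.uuid_type                = p_nus->uuid_type;
    add_char_params.max_len                  = BLE_NUS_MAX_RX_CHAR_LEN;
    add_char_params.init_len                 = sizeof(uint8_t);
    add_char_params.is_var_len               = true;
    add_char_params.char_props.write         = 1;
    add_char_params.char_props.write_wo_resp = 1;

    // NOTE(review): RX is the characteristic a peer writes data into, and it is still
    // SEC_OPEN, so incoming data is accepted over an unencrypted, unauthenticated link.
    // If the requirement is "encrypted and MITM-protected", this write_access is the one
    // that has to become SEC_MITM; the TX settings below do not protect it.
    add_char_params.read_access  = SEC_OPEN;
    add_char_params.write_access = SEC_OPEN;

    err_code = characteristic_add(p_nus->service_handle, &add_char_params, &p_nus->rx_handles);
    if (err_code != NRF_SUCCESS)
    {
        return err_code;
    }

    printf("\r\nRX UUID: %x\r\n", add_char_params.uuid);

    // Add the TX Characteristic.
    /**@snippet [Adding proprietary characteristic to the SoftDevice] */
    memset(&add_char_params, 0, sizeof(add_char_params));
    add_char_params.uuid              = BLE_UUID_NUS_TX_CHARACTERISTIC;
    add_char_params.uuid_type         = p_nus->uuid_type;
    add_char_params.max_len           = BLE_NUS_MAX_TX_CHAR_LEN;
    add_char_params.init_len          = sizeof(uint8_t);
    add_char_params.is_var_len        = true;
    add_char_params.char_props.notify = 1;

    // SEC_MITM is translated by set_security_req() into
    // BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM: the attribute is only accessible on a link
    // encrypted with an authenticated key. Until the peer has paired at that level, access
    // is refused with an insufficient encryption/authentication error, so the application
    // also needs pairing support that can reach MITM protection (in the nRF5 SDK normally
    // the peer manager security parameters: mitm set and io_caps other than
    // BLE_GAP_IO_CAPS_NONE). That setup is not part of this listing; confirm it separately.
    //
    // TX only has the notify property, so write_access on the value presumably has no
    // effect; cccd_write_access is what gates a peer enabling notifications.
    add_char_params.read_access       = SEC_OPEN;
    add_char_params.write_access      = SEC_MITM; // enable encryption with MITM
    add_char_params.cccd_write_access = SEC_MITM; // enable encryption with MITM

    printf("\r\nTX UUID: %x\r\n", add_char_params.uuid);

    return characteristic_add(p_nus->service_handle, &add_char_params, &p_nus->tx_handles);
    /**@snippet [Adding proprietary characteristic to the SoftDevice] */
}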
Below is the definition for SEC_MITM:
/**@brief Function for setting security requirements of a characteristic.
 *
 * @details Translates an SDK security level into the SoftDevice connection security mode
 *          stored in @p p_perm. Any level without an explicit mapping ends up as
 *          "no access", so an unexpected value never opens the attribute.
 *
 * @param[in]  level   required security level.
 * @param[out] p_perm  Characteristic security requirements (always overwritten).
 */
static inline void set_security_req(security_req_t level, ble_gap_conn_sec_mode_t * p_perm)
{
    switch (level)
    {
        case SEC_OPEN:
            // No encryption or authentication required.
            BLE_GAP_CONN_SEC_MODE_SET_OPEN(p_perm);
            break;

        case SEC_JUST_WORKS:
            // Encrypted link required, MITM protection not required.
            BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(p_perm);
            break;

        case SEC_MITM:
            // Encrypted link with MITM protection required.
            BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(p_perm);
            break;

        case SEC_SIGNED:
            // Signed data required, MITM protection not required.
            BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(p_perm);
            break;

        case SEC_SIGNED_MITM:
            // Signed data with MITM protection required.
            BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(p_perm);
            break;

        case SEC_NO_ACCESS:
        default:
            // Fail closed: explicit "no access" and every unmapped level deny access.
            BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(p_perm);
            break;
    }
}