I am using the custom_bluetooth_service tutorial from https://github.com/bjornspockeli/custom_ble_service_example. However, I now want to try increasing security settings (encryption and adding passkey restrictions to characteristics). Someone from this post https://devzone.nordicsemi.com/f/nordic-q-a/28746/nrf51822-password-on-characteristic said to set "the authorization flag (rd_auth and wr_auth)". But when I try doing custom_value_char_attr_md.rd_auth or BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.wr_auth) I get the error that the members rd_auth and wr_auth do not exist. (I am using SDK v15 with NRF52840 DK PCA10056 and S140).
So to increase security I tried using BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(). When I do BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.read_perm), the custom characteristic no longer appears under the service after I scan and connect my NRF52840 DK.
I undo any code change and now do BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.write_perm), and this has no effect on the custom characteristic or reading/writing.
```c
static uint32_t custom_value_char_add(ble_cus_t * p_cus, const ble_cus_init_t * p_cus_init)
{
    uint32_t            err_code;
    ble_gatts_char_md_t char_md;
    ble_gatts_attr_md_t cccd_md;
    ble_gatts_attr_t    attr_char_value;
    ble_uuid_t          ble_uuid;
    ble_gatts_attr_md_t attr_md;

    // Add Custom Value characteristic
    memset(&cccd_md, 0, sizeof(cccd_md));

    // Read operation on cccd should be possible without authentication.
    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.read_perm);
    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.write_perm);
```
I undo any code change and now do BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cus_init.custom_value_char_attr_md.read_perm). After I scan and connect to the DK, when I try to read values from the characteristics of the custom service, the nrf_connect application successfully bonds with the DK, but afterwards I still cannot read the characteristic values of the service.
I undo any code change and delete the bonding in the nrf_connect app. Now I do BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cus_init.custom_value_char_attr_md.write_perm). After I scan and connect to the DK, I can read values from the characteristics of the custom service. When I try writing values to the characteristics, the nrf_connect application successfully bonds with the DK, but I cannot write values to the characteristics anymore.
```c
static void services_init(void)
{
    ret_code_t         err_code;
    nrf_ble_qwr_init_t qwr_init = {0};
    ble_cus_init_t     cus_init = {0};

    // Initialize Queued Write Module.
    qwr_init.error_handler = nrf_qwr_error_handler;

    err_code = nrf_ble_qwr_init(&m_qwr, &qwr_init);
    APP_ERROR_CHECK(err_code);

    // Initialize CUS Service init structure to zero.
    cus_init.evt_handler = on_cus_evt;

    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cus_init.custom_value_char_attr_md.cccd_write_perm);
    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cus_init.custom_value_char_attr_md.read_perm);
    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cus_init.custom_value_char_attr_md.write_perm);
```
My questions are: Is this behavior expected? I am confused as to why BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.write_perm) does not restrict writing to the custom characteristic.
I didn't do any passkey testing yet, but if I later add a passkey can the user enter the passkey to gain access to service/characteristic read & write if I am using BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM?
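Added example, not part of the original post or of the tutorial's code: a stand-alone C model of the per-attribute permission check behind the behaviour described above, with the characteristic value and its CCCD as two separate attributes. The struct, the function names and the sample table are assumptions for illustration, and it assumes the bond in nRF Connect was made without MITM protection (Just Works), which reaches security mode 1 level 2 rather than the level 3 that ENC_WITH_MITM requires.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not SoftDevice code: LE security mode 1 levels. */
enum { LV_NO_ACCESS = 0, LV_OPEN = 1, LV_ENC_NO_MITM = 2, LV_ENC_WITH_MITM = 3 };

/* Hypothetical attribute record: every GATT attribute has its own permissions. */
typedef struct {
    const char *name;
    uint8_t     read_lv;
    uint8_t     write_lv;
} attr_t;

/* Constructed sample table: value write needs MITM, the CCCD is left open. */
static const attr_t value_attr = { "custom value", LV_OPEN, LV_ENC_WITH_MITM };
static const attr_t cccd_attr  = { "CCCD",         LV_OPEN, LV_OPEN };

/* Level a link reaches: unencrypted = 1, Just Works = 2, passkey = 3. */
static uint8_t link_level(bool encrypted, bool mitm_protected)
{
    if (!encrypted) return LV_OPEN;
    return mitm_protected ? LV_ENC_WITH_MITM : LV_ENC_NO_MITM;
}

/* A request passes only if the link level meets the attribute's requirement. */
static bool access_allowed(uint8_t required_lv, uint8_t link_lv)
{
    return required_lv != LV_NO_ACCESS && link_lv >= required_lv;
}

int main(void)
{
    const struct { const char *label; bool enc, mitm; } links[] = {
        { "no pairing",         false, false },
        { "bonded, Just Works", true,  false },
        { "bonded, passkey",    true,  true  },
    };
    const attr_t *attrs[] = { &value_attr, &cccd_attr };

    for (size_t i = 0; i < 3; i++) {
        uint8_t lv = link_level(links[i].enc, links[i].mitm);
        for (size_t j = 0; j < 2; j++)
            printf("%-18s %-12s read=%d write=%d\n", links[i].label, attrs[j]->name,
                   access_allowed(attrs[j]->read_lv, lv),
                   access_allowed(attrs[j]->write_lv, lv));
    }
    return 0;
}
```

In this model, changing only the CCCD entry never affects access to the value entry, and a level 3 requirement on the value is met only by the passkey link.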