
porting s132 to s140 - understanding security management

To the kind attention of Nordic support team,

I'm porting old code in order to use nRF52840 and s140 softdevice. During initialization of device information service I have old code using ble_dis_init_t that is defined in

typedef struct
{
    ble_srv_utf8_str_t             manufact_name_str;    /**< Manufacturer Name String. */
    ble_srv_utf8_str_t             model_num_str;        /**< Model Number String. */
    ble_srv_utf8_str_t             serial_num_str;       /**< Serial Number String. */
    ble_srv_utf8_str_t             hw_rev_str;           /**< Hardware Revision String. */
    ble_srv_utf8_str_t             fw_rev_str;           /**< Firmware Revision String. */
    ble_srv_utf8_str_t             sw_rev_str;           /**< Software Revision String. */
    ble_dis_sys_id_t *             p_sys_id;             /**< System ID. */
    ble_dis_reg_cert_data_list_t * p_reg_cert_data_list; /**< IEEE 11073-20601 Regulatory Certification Data List. */
    ble_dis_pnp_id_t *             p_pnp_id;             /**< PnP ID. */
    ble_srv_security_mode_t        dis_attr_md;          /**< Initial Security Setting for Device Information Characteristics. */
} ble_dis_init_t;

While the new definition of the same type is:

typedef struct
{
    ble_srv_utf8_str_t             manufact_name_str;    /**< Manufacturer Name String. */
    ble_srv_utf8_str_t             model_num_str;        /**< Model Number String. */
    ble_srv_utf8_str_t             serial_num_str;       /**< Serial Number String. */
    ble_srv_utf8_str_t             hw_rev_str;           /**< Hardware Revision String. */
    ble_srv_utf8_str_t             fw_rev_str;           /**< Firmware Revision String. */
    ble_srv_utf8_str_t             sw_rev_str;           /**< Software Revision String. */
    ble_dis_sys_id_t *             p_sys_id;             /**< System ID. */
    ble_dis_reg_cert_data_list_t * p_reg_cert_data_list; /**< IEEE 11073-20601 Regulatory Certification Data List. */
    ble_dis_pnp_id_t *             p_pnp_id;             /**< PnP ID. */
    security_req_t                 dis_char_rd_sec;      /**< Security requirement for reading any DIS characteristic value. */
} ble_dis_init_t;

Could you please explain to me how the old instructions:

BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&dis_init_obj.dis_attr_md.read_perm); // do {(ptr)->sm = 1; (ptr)->lv = 2;} while(0)
BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(&dis_init_obj.dis_attr_md.write_perm); // do {(ptr)->sm = 0; (ptr)->lv = 0;} while(0)

map to the new framework? Now there is security_req_t dis_char_rd_sec; /**< Security requirement for reading any DIS characteristic value. */

typedef enum
{
    SEC_NO_ACCESS   = 0, /**< Not possible to access. */
    SEC_OPEN        = 1, /**< Access open. */
    SEC_JUST_WORKS  = 2, /**< Access possible with 'Just Works' security at least. */
    SEC_MITM        = 3, /**< Access possible with 'MITM' security at least. */
    SEC_SIGNED      = 4, /**< Access possible with 'signed' security at least. */
    SEC_SIGNED_MITM = 5  /**< Access possible with 'signed and MITM' security at least. */
} security_req_t;

So is it OK to set dis_char_rd_sec only? Is the write part 0 by default? Which value in the new enum has the meaning of the old BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM?

Is there a low-level guide that helps in understanding these things? If so, could you please help me find it?

Thank you for all your kindness

  • Hi,

    Instead of

    BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&dis_init_obj.dis_attr_md.read_perm); // do {(ptr)->sm = 1; (ptr)->lv = 2;} while(0)
    BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(&dis_init_obj.dis_attr_md.write_perm); // do {(ptr)->sm = 0; (ptr)->lv = 0;} while(0)


    now you only need to set e.g.

    dis_init.dis_char_rd_sec = SEC_OPEN;

    So it is ok to set dis_char_rd_sec only?

     Yes.

    The write part is by default 0?

     Yes. Write is now SEC_NO_ACCESS.

    Which value in the new enum has the meaning of the old BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM?

     If you need "BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM", set it to

    dis_init.dis_char_rd_sec = SEC_JUST_WORKS;

    Here is the mapping:

        switch (level)
        {
            case SEC_NO_ACCESS:
                BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(p_perm);
                break;
            case SEC_OPEN:
                BLE_GAP_CONN_SEC_MODE_SET_OPEN(p_perm);
                break;
            case SEC_JUST_WORKS:
                BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(p_perm);
                break;
            case SEC_MITM:
                BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(p_perm);
                break;
            case SEC_SIGNED:
                BLE_GAP_CONN_SEC_MODE_SET_SIGNED_NO_MITM(p_perm);
                break;
            case SEC_SIGNED_MITM:
                BLE_GAP_CONN_SEC_MODE_SET_SIGNED_WITH_MITM(p_perm);
                break;
        }

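An added example (not from the thread or the nRF5 SDK): a host-side check for this kind of port, translating a legacy (sm, lv) permission into security_req_t and flagging a port whose new read level does not match the old one. The stand-in types, function names and result codes are assumptions; the (sm, lv) pairs not quoted in the thread are the ones defined in ble_gap.h.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Host-side stand-ins (assumptions) so this builds without the SDK headers. */
typedef enum { SEC_NO_ACCESS, SEC_OPEN, SEC_JUST_WORKS,
               SEC_MITM, SEC_SIGNED, SEC_SIGNED_MITM } security_req_t;
typedef struct { uint8_t sm, lv; } sec_mode_t; /* models ble_gap_conn_sec_mode_t */
typedef enum { PORT_OK, PORT_WRITE_PERM_DROPPED,
               PORT_NO_EQUIVALENT, PORT_READ_MISMATCH } port_result_t;

/* Translate a legacy (sm, lv) permission into security_req_t. Returns false
 * when the enum has no exact match (e.g. sm=1, lv=4, LESC with MITM), so the
 * port fails loudly instead of falling back to a weaker level. */
bool legacy_to_security_req(sec_mode_t old, security_req_t *out)
{
    static const struct { sec_mode_t m; security_req_t r; } map[] = {
        {{0, 0}, SEC_NO_ACCESS},  {{1, 1}, SEC_OPEN},
        {{1, 2}, SEC_JUST_WORKS}, {{1, 3}, SEC_MITM},
        {{2, 1}, SEC_SIGNED},     {{2, 2}, SEC_SIGNED_MITM},
    };
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++) {
        if (map[i].m.sm == old.sm && map[i].m.lv == old.lv) {
            *out = map[i].r;
            return true;
        }
    }
    return false;
}

/* Compare the old dis_attr_md pair with the new dis_char_rd_sec value. */
port_result_t check_dis_port(sec_mode_t old_rd, sec_mode_t old_wr,
                             security_req_t new_rd)
{
    security_req_t want;
    if (old_wr.sm != 0 || old_wr.lv != 0)
        return PORT_WRITE_PERM_DROPPED; /* new struct has no write setting */
    if (!legacy_to_security_req(old_rd, &want))
        return PORT_NO_EQUIVALENT;
    return (want == new_rd) ? PORT_OK : PORT_READ_MISMATCH;
}

int main(void)
{
    sec_mode_t rd = {1, 2}, wr = {0, 0}; /* the thread's old read/write perms */
    printf("SEC_JUST_WORKS: %d\n", check_dis_port(rd, wr, SEC_JUST_WORKS));
    printf("SEC_OPEN:       %d\n", check_dis_port(rd, wr, SEC_OPEN));
    return 0;
}
```

With the thread's old settings, SEC_JUST_WORKS passes the check, while SEC_OPEN is reported as a mismatch because it would drop the encryption requirement on DIS reads.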