
CCCD Security Parameters

Hi y'all

After having successfully created my own service, similar to the UART service, I'm now trying to implement security.

As far as I understood, best practice is to define the security level for the characteristics on the peripheral to force the central (smartphone) to start a bonding process and exchange keys etc.

I enabled #define SEC_PARAM_MITM 1 and used BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM on the characteristics but stumbled upon a problem.

When using BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM on the CCCD of the RX-like characteristic, the SoftDevice (S130) returns NRF_ERROR_INVALID_PARAM on calling sd_ble_gatts_characteristic_add.

I googled intensively and finally came up with this, but I had already tried the settings under "Passkey bonding with keyboard capabilities".

Here is the complete code, mostly copied from the NUS example:

static uint32_t rx_char_add(ble_s1s_t * p_s1s, const ble_s1s_init_t * p_s1s_init)
{
    ble_gatts_char_md_t char_md;
    ble_gatts_attr_md_t cccd_md;
    ble_gatts_attr_t    attr_char_value;
    ble_uuid_t          ble_uuid;
    ble_gatts_attr_md_t attr_md;

    memset(&cccd_md, 0, sizeof(cccd_md));

    // this throws NRF_ERROR_INVALID_PARAM
    //BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.read_perm);
    //BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.write_perm);

    // this works
    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.read_perm);
    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.write_perm);

    cccd_md.vloc = BLE_GATTS_VLOC_STACK;

    memset(&char_md, 0, sizeof(char_md));

    char_md.char_props.notify = 1;
    char_md.p_char_user_desc  = NULL;
    char_md.p_char_pf         = NULL;
    char_md.p_user_desc_md    = NULL;
    char_md.p_cccd_md         = &cccd_md;
    char_md.p_sccd_md         = NULL;

    ble_uuid.type = p_s1s->uuid_type;
    ble_uuid.uuid = BLE_UUID_S1S_RX_CHARACTERISTIC;

    memset(&attr_md, 0, sizeof(attr_md));

    BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.read_perm);
    BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.write_perm);

    attr_md.vloc    = BLE_GATTS_VLOC_STACK;
    attr_md.rd_auth = 0;
    attr_md.wr_auth = 0;
    attr_md.vlen    = 1;

    memset(&attr_char_value, 0, sizeof(attr_char_value));

    attr_char_value.p_uuid    = &ble_uuid;
    attr_char_value.p_attr_md = &attr_md;
    attr_char_value.init_len  = sizeof(uint8_t);
    attr_char_value.init_offs = 0;
    attr_char_value.max_len   = BLE_S1S_MAX_RX_CHAR_LEN;

    return sd_ble_gatts_characteristic_add(p_s1s->service_handle,
                                           &char_md,
                                           &attr_char_value,
                                           &p_s1s->rx_handles);
}

The ble_app_multirole_lesc example shows that the CCCD can be used with LESC & MITM, so why doesn't it work with my setup?

Is there any downside security-wise to not force encryption on the CCCD?
