Hi y'all
after having successfully created my own service, similar to the Uart service, I'm now trying to implement security.
As far as I understood, best practice is to define the security level for the characteristics on the peripheral to force the central (smartphone) to start a bonding process and exchange keys etc.
I enabled #define SEC_PARAM_MITM 1
and used
BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM
on the characteristics but stumbled upon a problem.
When using BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM
on the CCCD of the RX-like charactaristic, the Softdevice (S130) returns NRF_ERROR_INVALID_PARAM
on calling sd_ble_gatts_characteristic_add
I googled intensively and finally came up with this, but I already had tried the settings under "Passkey bonding with keyboard capabilities"
Here is the complete code, mostly copied from the NUS example:
static uint32_t rx_char_add(ble_s1s_t * p_s1s, const ble_s1s_init_t * p_s1s_init)
{
ble_gatts_char_md_t char_md;
ble_gatts_attr_md_t cccd_md;
ble_gatts_attr_t attr_char_value;
ble_uuid_t ble_uuid;
ble_gatts_attr_md_t attr_md;
memset(&cccd_md, 0, sizeof(cccd_md));
//this throws NRF_ERROR_INVALID_PARAM
//BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.read_perm);
//BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.write_perm);
//this works
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.read_perm);
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.write_perm);
cccd_md.vloc = BLE_GATTS_VLOC_STACK;
memset(&char_md, 0, sizeof(char_md));
char_md.char_props.notify = 1;
char_md.p_char_user_desc = NULL;
char_md.p_char_pf = NULL;
char_md.p_user_desc_md = NULL;
char_md.p_cccd_md = &cccd_md;
char_md.p_sccd_md = NULL;
ble_uuid.type = p_s1s->uuid_type;
ble_uuid.uuid = BLE_UUID_S1S_RX_CHARACTERISTIC;
memset(&attr_md, 0, sizeof(attr_md));
BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.read_perm);
BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&attr_md.write_perm);
attr_md.vloc = BLE_GATTS_VLOC_STACK;
attr_md.rd_auth = 0;
attr_md.wr_auth = 0;
attr_md.vlen = 1;
memset(&attr_char_value, 0, sizeof(attr_char_value));
attr_char_value.p_uuid = &ble_uuid;
attr_char_value.p_attr_md = &attr_md;
attr_char_value.init_len = sizeof(uint8_t);
attr_char_value.init_offs = 0;
attr_char_value.max_len = BLE_S1S_MAX_RX_CHAR_LEN;
return sd_ble_gatts_characteristic_add(p_s1s->service_handle,
&char_md,
&attr_char_value,
&p_s1s->rx_handles);
}
The ble_app_multirole_lesc example shows that the CCCD can be used with LESC & MITM, so why doesn't it work with my setup?
Is there any downside securitywise to not force encryption on the CCCD?