How to know when BLE link is encrypted?

I'm using 2540 for both central and peripheral roles.  Central initiates the connection, but the peripheral initiates security (GAPBOND_PAIRING_MODE_INITIATE).  Using the sniffer, I can see that the link is eventually encrypted, but regular traffic (read/write attributes) continues in the clear in parallel with security procedures.

The central device should hold off read/write of attributes until the link is encrypted, but how can the central know this event?

Central has registered callbacks with both the GAPBondMgr_Register() and GAPCentralRole_StartDevice(), but these callbacks do not indicate when encryption is complete.  In fact, the only gap callbacks central sees are GAP_LINK_ESTABLISHED_EVENT and GAP_SLAVE_REQUESTED_SECURITY_EVENT and no bonding callbacks are called at all.  Apparently, gapbondmgr.c thinks these callbacks are of interest only if the local device is initiating the pairing/bonding.

How can a central application detect when the link has been encrypted and it's safe to begin data transfers?

TIA,

Richard

  • I have not tried this myself but as I understand there is a parameter for each attribute which can be configured to require encryption before a read or write procedure can be carried out. The constant values are:

    #define GATT_PERMIT_AUTHEN_READ 0x04 //!< Read requires Authentication
    #define GATT_PERMIT_AUTHEN_WRITE 0x08 //!< Write requires Authentication
    #define GATT_PERMIT_AUTHOR_READ 0x10 //!< Read requires Authorization
    #define GATT_PERMIT_AUTHOR_WRITE 0x20 //!< Write requires Authorization

    I am unsure what the difference is between authentication and authorization - maybe someone can clarify.

  • Hi Richard,

    As you mentioned, you are registering your Bond Manager callbacks with GAPBondMgr_Register(). I think using the pairStateCB callback you can track the pairing status for the central device.

    I think this will be helpful to you :

    static void CentralPairStateCB( uint16 connHandle, uint8 state, uint8 status )
    {
      if ( state == GAPBOND_PAIRING_STATE_STARTED )
      {
        // Pairing started
      }
      else if ( state == GAPBOND_PAIRING_STATE_COMPLETE )
      {
        if ( status == SUCCESS )
        {
          // Pairing success
        }
        else
        {
          // Pairing fail
        }
      }
      else if ( state == GAPBOND_PAIRING_STATE_BONDED )
      {
        if ( status == SUCCESS )
        {
          // Bonding success
        }
      }
    }

  • I have tried to add GATT_PERMIT_AUTHEN_WRITE to one of the attributes, thinking like you that the stack might hold off the write until the link is authenticated, but in fact the result is a disconnect.

  • Hi Maulik,

    As I mentioned in the original post, I have registered with GAPBondMgr_Register(), but in fact none of the callbacks are ever called.

    Richard

  • Upon examining the GAPBondMgr_Register() code, one sees the following:

             // Register with GATT Server App for event messages
             GATTServApp_RegisterForMsg( gapBondMgr_TaskID );

    The problem is that a central device is a GATT client, so there is no GATT server running.  It seems that TI has unnecessarily conflated security with central/peripheral roles.

  • Hi Richard,

    Did you check the GlucoseCollector example? I think the callbacks you need to register are not in the GATTServApp_RegisterForMsg() function. You need to register the callbacks in the GAPBondMgr_Register() function. This function takes two callbacks to register, which are:

    typedef struct
    {
      pfnPasscodeCB_t     passcodeCB;       //!< Passcode callback
      pfnPairStateCB_t    pairStateCB;      //!< Pairing state callback
    } gapBondCBs_t;

    Here using the pairStateCB you can keep track of the status of pairing.

    I hope we both are on the same page. What I am getting is, you want to know when the link is being encrypted by the master. pairStateCB can do this thing for you as far as I know.

    Please check out the GlucoseCollector example and glucCollCentralPairStateCB() for more details if we both are on the same page.

    Best Regards,

    Maulik.

  • Hi Maulik,

    Thanks for the suggestion, the Glucose examples were helpful.  

    Richard
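
One way to act on the pairStateCB suggestion in this thread, as an added example that is not part of any post and not TI's code: a small gate that queues the central's attribute reads/writes and releases them only when the pairing-state callback reports success. It assumes the callback is actually delivered on the central and that COMPLETE or BONDED with SUCCESS means the link is encrypted; the `secureGate_*` names, `gattOp_t`, `demoOp` and the stand-in constant values are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>

/* Stand-ins so this builds off-target (constructed values); on the CC2540
 * use the definitions from the TI BLE stack headers instead. */
#define SUCCESS                        0x00
#define GAPBOND_PAIRING_STATE_STARTED  0x00
#define GAPBOND_PAIRING_STATE_COMPLETE 0x01
#define GAPBOND_PAIRING_STATE_BONDED   0x02
#define MAX_PENDING                    4

typedef void (*gattOp_t)(uint16_t connHandle); /* hypothetical deferred read/write */

static bool     linkSecured;
static gattOp_t pending[MAX_PENDING];
static uint8_t  numPending;
int demoOpsRun;                                /* demo counter, not stack state */

void demoOp(uint16_t connHandle) { (void)connHandle; demoOpsRun++; }

/* Call on GAP_LINK_ESTABLISHED_EVENT and on link loss: start closed. */
void secureGate_Reset(void) { linkSecured = false; numPending = 0; }

/* Returns 1 = ran now, 0 = queued until secured, -1 = queue full. */
int secureGate_Submit(uint16_t connHandle, gattOp_t op)
{
  if (linkSecured) { op(connHandle); return 1; }
  if (numPending >= MAX_PENDING) return -1;
  pending[numPending++] = op;
  return 0;
}

/* Body for a pairStateCB; returns how many queued operations were released. */
uint8_t secureGate_OnPairState(uint16_t connHandle, uint8_t state, uint8_t status)
{
  uint8_t released = 0;
  if (state == GAPBOND_PAIRING_STATE_STARTED) return 0;
  if (status != SUCCESS) { secureGate_Reset(); return 0; }  /* fail closed */
  if (state == GAPBOND_PAIRING_STATE_COMPLETE || state == GAPBOND_PAIRING_STATE_BONDED)
  {
    linkSecured = true;
    while (released < numPending) pending[released++](connHandle);
    numPending = 0;
  }
  return released;
}

int main(void)
{
  secureGate_Reset();
  secureGate_Submit(0, demoOp);                                 /* queued */
  secureGate_OnPairState(0, GAPBOND_PAIRING_STATE_COMPLETE, SUCCESS);
  return demoOpsRun == 1 ? 0 : 1;
}
```

On a pairing failure the gate drops whatever was queued and stays closed, so nothing is sent in the clear by default.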