This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC2540 BLE Authentication

Other Parts Discussed in Thread: CC2540

I am developing an application where a client need to receive notification of temperature values.

I want only an authenticated client to be able to ask for notification and I have accordingly marked  the notification attribute:

      // Characteristic 1 configuration
      {
        { ATT_BT_UUID_SIZE, clientCharCfgUUID }, // GATT_CLIENT_CHAR_CFG_UUID
         GATT_PERMIT_READ | GATT_PERMIT_AUTHEN_WRITE,
        0,
        (uint8 *)simpleProfileChar1Config
      },


I require a password for pairing:

  // Setup the GAP Bond Manager
  {
    uint32 passkey = 431323; // passkey "000000"
    uint8 pairMode = GAPBOND_PAIRING_MODE_WAIT_FOR_REQ;
    uint8 mitm = FALSE;
    uint8 ioCap = GAPBOND_IO_CAP_DISPLAY_ONLY;
    uint8 bonding = TRUE;
    GAPBondMgr_SetParameter( GAPBOND_DEFAULT_PASSCODE, sizeof ( uint32 ), &passkey );
    GAPBondMgr_SetParameter( GAPBOND_PAIRING_MODE, sizeof ( uint8 ), &pairMode );
    GAPBondMgr_SetParameter( GAPBOND_MITM_PROTECTION, sizeof ( uint8 ), &mitm );
    GAPBondMgr_SetParameter( GAPBOND_IO_CAPABILITIES, sizeof ( uint8 ), &ioCap );
    GAPBondMgr_SetParameter( GAPBOND_BONDING_ENABLED, sizeof ( uint8 ), &bonding );
  }

I also tried with mitm=FALSE with the same results.

When I use a Galaxy S5 to pair, the password is requested and the pairing is not completed if the password is wrong, as I expected.
When I use a PC software with Bluegiga BLED112 the pairing is completed even without giving the password. Further I can set the characteristic configuration to 01 00 and I actually start receiving the notifications.

Probably there is something wrong on the BLED112 side, but the final result is that with BLED112 I can pass through the CC2540 security.

  • Hi,

    In order for Passkey Pairing to work, the initiator (in this case) must indicate in the pairing request phase that it requests MITM & supports keyboard input capability. Otherwise, the protocol defaults to Just Works pairing. Since the passkey method works with the GS5, then likely your peripheral is setup correctly. You can confirm what the Bluegiga module is sending by taking a sniffer trace. If you see the pairing confirm messages and no passkey was supplied, then Just Works was used.

    For a more detailed explanation, please search this forum as there are numerous posts on this topic.

    Best wishes
  • I agree that there is something wrong on the BLED112 side; but let us assume BLED112 is the evil agent. So the connection ends up being just Encrypted, but not authenticated (the password is not given). I programmed the configuration characteristic as GATT_PERMIT_AUTHEN_WRITE, I would expect that a client that did not authenticate with a password should be prevented from writing it.
    Maybe I am missing something, like a callback function for allowing/forbidding access to attribute values.
    Alternatively I need a way to refuse not authenticated connections.