CCS/LAUNCHXL-CC2640R2: Two services on the same chip

Hi Alfredo,

I have assigned an expert to help you.

Best Regards,

Jenny

Hi Alfredo,

You're gonna have to be more clear with what you mean by "services". Services in BLE refer to GATT services, which you can certainly have multiple of. These are what contains your GATT characteristics. However, Simple_Peripheral and Project_Zero are full projects, which will both include a list of services. It is possible to merge two projects, however it is not a simple task and can be impossible depending on which two projects you are referring to. 

Please clarify what you are looking for and I will help however I can.

Best Regards,
Alec

Hi Alfredo,

You can certainly accomplish that. If you haven't already, I would recommend going through some of the SimpleLink Academy Trainings below, as they will generally be helpful from the sounds of what you are looking to accomplish. 

I believe the easiest way to accomplish what you are looking for is to establish a callback for your unsecure (in terms of not knowing the password, still use ENCRYPT requirement here) characteristic, setting a variable in your application, and then using GATT_PERMIT_AUTHOR_READ/WRITE. These types of characteristics require Authorization (not to be confused with Authentication) which means that the decision whether they can/can not be read/wrote is passed to the application. This would allow your application to decide whether they have entered the password and should be given access.

Custom Profiles:
https://dev.ti.com/tirex/explore/content/simplelink_academy_cc2640r2sdk_4_30_01_00/modules/blestack/ble_01_custom_profile/ble_01_custom_profile.html#introduction

Security Fundamentals:

https://dev.ti.com/tirex/explore/content/simplelink_academy_cc2640r2sdk_4_30_01_00/modules/blestack/ble_02_security/ble_02_sec_basics.html#introduction

Best Regards,
Alec

Hi Alec,

Your answer is too generic for me, I explained my case study above. In any case I tried to implements a solution, please tell me your opinion if it can works.

Related to GAP Bond I think (correct me if in your opinion is wrong), my configuration is in order to don't ask pairing by my application because in this case I don't have a password, but this is on a GATT service unprotect and need to read. So I have:

    uint8_t pairMode = GAPBOND_PAIRING_MODE_WAIT_FOR_REQ;

    uint8_t ioCap = GAPBOND_IO_CAP_DISPLAY_ONLY;

    uint8_t bonding = FALSE;

    uint8_t mitm = TRUE;

    GAPBondMgr_SetParameter(GAPBOND_PAIRING_MODE, sizeof(uint8_t), &pairMode);
    GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm);
    GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap);
    GAPBondMgr_SetParameter(GAPBOND_BONDING_ENABLED, sizeof(uint8_t), &bonding);

About the GATT, I configured for example as the followings:

UNPROTECTED:

    // Passcode Characteristic Declaration
    {
      { ATT_BT_UUID_SIZE, characterUUID },
      GATT_PERMIT_READ,
      0,
      &SimpleStreamServer_PasscodeProps
    },
      // Passcode Characteristic Value
      {
        { ATT_UUID_SIZE, SimpleStreamServer_PasscodeUUID },
        GATT_PERMIT_READ,
        0,
        SimpleStreamServer_PasscodeVal
      },

PROTECTED:

    // DataIn Characteristic Declaration
    {
      { ATT_BT_UUID_SIZE, characterUUID },
      GATT_PERMIT_READ,
      0,
      &SimpleStreamServer_DataInProps
    },
      // DataIn Characteristic Value
      {
        { ATT_UUID_SIZE, SimpleStreamServer_DataInUUID },
        GATT_PERMIT_ENCRYPT_WRITE,
        0,
        SimpleStreamServer_DataInVal
      },

Give me a feedback.

For your answer I don't understand how is possible to implements, if you can help me I would be grateful.

Regards,

Alfredo

Alfredo,

If I am understanding your use case properly, you want the first one to be GATT_PERMIT_ENCRYPT_READ | GATT_PERMIT_ENCRYPT_WRITE and your second one to be GATT_PERMIT_AUTHOR_READ | GATT_PERMIT_AUTHOR_WRITE. 

This will ensure that your connection is encrypted when you enter the password, and then you can do the authorization for the characteristics that require the password.

Best Regards,
Alec

Alec,

I don't want protect the first one, I want only read the SimpleStreamServer_PasscodeVal, because this variable have an encrypted password that my custom central application can decrypt… (e.g.: by using AES...) so I can use this password to acces to the second variable SimpleStreamServer_DataInVal that permit to the user to do a write. So why you want to use GATT_PERMIT_AUTHOR_READ | GATT_PERMIT_AUTHOR_WRITE? What is the differencies between AUTHOR and ENCRYPT?

And another question I have: I have 3 GATT, 1 unprotect as above and want not 1 but 2 protected, if I can access to 1 protect by password, is necessary to put again the password on the second GATT protected?

Best Regards,

Alfredo

Hi Alfredo,

In that case, you would want the first to be GATT_PERMIT_READ | GATT_PERMIT_WRITE. AUTHOR means that it uses a callback to your application, and your APPLICATION decides whether access is allowed, while ENCRYPT just ensure you are paired with an encrypted connection. You can see some discussion on how to use AUTHOR in the link below.

https://dev.ti.com/tirex/explore/content/simplelink_cc2640r2_sdk_4_30_00_08/docs/blestack/ble_user_guide/html/ble-stack-3.x/gatt.html#authorization


Best Regards,
Alec

Hi Alec,

as you explain AUTHOR is not a good solution for me, because I need of a encrypted connection, so I can also put AUTHOR|ENCRYPT but I think is redundand protection, because if I don't have a correct passcode I can't access to protected characteristics.

Eventually criteria on authorization should be based on correct passcode, and ENCRYPT does just that! Are you agree with me?

Regards,

Alfredo