Hi,
我在一个心率传感器的应用程序,我已经把一个应用程序,这是工作得很好。也就是说,我可以连接和查看人力资源使用任何标准的android BLE应用程序。
为此,我将基本开发工具包用作外围设备从属设备。
现在,我想添加一些安全性,以便只有具有pin的用户才能连接到外围设备。我知道这很容易受到暴力攻击,但没关系。
These are the changes I have made for the same.
void app_sec_init_func(void)
{
#if (BLE_APP_SEC)
app_sec_env.auth = (GAP_AUTH_REQ_MITM_BOND);
#结束
}
void app\u send\u pairing\u rsp\u func(结构gapc\u bond\u req\u ind*参数)
{
struct gapc_bond_cfm* cfm = KE_MSG_ALLOC(GAPC_BOND_CFM, KE_BUILD_ID(TASK_GAPC, app_env.conidx), TASK_APP, gapc_bond_cfm);
cfm->request = GAPC_PAIRING_RSP;
cfm->accept = true;
// OOB information
cfm->data.u专长.oob=GAP\u oob\u AUTH\u DATA\u NOT\u存在;
// Encryption key size
cfm->data.u专长.key\u size=密钥长度;
//IO功能
cfm->data.u专长.iocap=仅显示间隙\IO\CAP\u;
// Authentication requirements
cfm->data.u专长.auth=间隙认证要求;
//Security requirements
cfm - > data.pairing_feat。sec_req = GAP_SEC1_AUTH_PAIR_ENC;
//启动器密钥分发
cfm->data.u专长.ikey\u dist=间隙\u KDIST\u ENCKEY;
//Responder key distribution
cfm - > data.pairing_feat。rkey_dist = GAP_KDIST_ENCKEY;
ke_msg_send(cfm);
}
Since cfm->data.pairing_feat.iocap = GAP_IO_CAP_DISPLAY_ONLY;, the Android device is supposed to pop up a keyboard to enter the pin when pairing.
When a bonding request is received, the app_send_tk_exch_func() should be called which will set the static pin.
现在,android当我尝试使用android设备配对时,android设备只是说键不匹配,没有弹出键盘。另外,对于这种情况,我没有得到GAPC\u TK\u EXCH request GAPC\u bond\u req\u ind\u handler()。
Just to check, if I change to cfm->data.pairing_feat.iocap = GAP_IO_CAP_KB_ONLY;,then when pairing Android device shows the random pairing code which should be entered on peripheral slave(as expected). However, this is not what I need.
Can you please tell me what could be wrong?
提前谢谢。
Hi,
Anyone with any info on this?
当做,
阿什温
嗨,阿什温,一个小组的人明天会开始看这个。BR JE\u对话框
Hi Ashwin Rao
如果我理解正确,您希望使用主机(手机)键盘输入的密钥连接到您的设备。那么,您可以尝试将主机的IO d U功能更改为“仅键盘”以实现类似的功能。设备的IO功能应该是NoInput/NoOutput,因为设备没有任何按钮,并且PIN码是固定的。你提到的“显示功能”我不认为会迫使android设备显示键盘。
Thanks MT_dialog
Hi,
Thanks for the response.
According to
https://developer.bluetooth.org/TechnologyOverview/Pages/LE-Security.aspx
The settings that I have mentioned is correct.
In your post, you have mentioned "The device’s IO Capabilities should be NoInput/NoOutput since the device isn’t going to have any buttons and the PIN number would be fixed."
但是根据上面的链接,如果这样做了,那么just works身份验证模式将被使用,这不是我需要的。
Hi Ashwin Rao
I m going to send you something offline, please have a look, i hope it will help you.
Thanks MT_dialog
我在读这个post looking for help/hints on how I might be able to do something like this:
--在外设上,按下一个按钮,在接下来的2秒钟内,广播并允许任何正在扫描的android设备连接(查找我的服务的UUID)。
--一旦建立了这种联系,关闭braodcasting,现在在将来,只允许android设备重新连接而不需要按下按钮。
--This seems pretty straightforward, but I cannot find any good suggestions on how to do this.
--I already have everything else in the peripheral working, just want to add this in.
I should mention to you guys at Dialog that it might be much more helpful and save you a lot of work if wherever possible, you answer questions FULLY in the forums. Much of the posts that I have read over time here are unanswered, the final post being from a Dialog moderator who says something like "I'm going to send you something offline...." I realize that sometimes there is no easy answer to the many questions that you guys get, but it does us all very little good to run into a bunch of dead ends.
嗨,克里姆,谢谢你的帮助feedback. I agree that it's not ideal to take things offline : sometimes its necessary (as the length / complexity of the issue means it cannot be dealt with on here) but overall your sentiments are correct and appreciated : the more online the better. I'll have one of the team look into your requirements and we'll feedback.
Thanks &BR JE_Dialog
谢谢你的对话,我很高兴你没有看到这是一个负面评论,这是不应该的。我会一直盯着这条线看你们有没有什么东西能给我指出正确的方向。
嗨,Klim9531,我们最初的想法是:
你需要区分android和iOS设备吗?
This could be built from the keyboard reference design (stripped down). We have an internal note on the whitelisting that we can share (this shows how to add a device to white-list , which effectively will make a list of known connections and only connect to those that are whitelisted).
BR JE_Dialog
Hi JE_Dialog,
Thanks for the input, here is some clarification:
--不管客户端设备是Android还是iOS(我目前有一个功能齐全的Android应用程序与设备接口,我打算很快构建一个iOS应用程序)。android应用程序会扫描广告设备,如果它找到一个与我的名字/服务相同的设备,我就会开始数据传输。本设计是基于串口服务的应用程序。
Your idea about. getting the device's Bluetooth Address and whitelisting it in the DA14580 seems right on target with my needs. This is my desired sequence:
1DA14580已通电,以前从未连接到对等设备(Android或iOS)。
2用户按下DA14580上的按钮(重置白名单,但是第一次通电时该名单为空)。
3. User starts Android/iOS app, for 2.5 seconds the app begins scanning for any BT devices, finds my named service, and begins bi-directional communication (this part is currently working).
4. DA14580 queries the Android/iOS device and acquires a BD address, then stores that address in a whitelist.
5. Communication continues until DA14580 is powered down.
6. Upon restart of the DA14580, it will now ONLY ALLOW communication with the device which is in the whitelist.
7. If the button on the DA14580 is pressed again, the Android/iOS device in the whitelist is purged, and the DA14580 repeats the above starting at #2.
If you can post a link to Dialog's internal note on whitelisting --how to query the device, then add its BD address to a whitelist-- then that would help me sort this out.
I will wait for your reply and while doing so, look at the keyboard reference design.
Thanks for your help, klim9531
对话,
这正是我希望对SPS所做的。你能谈谈这是怎么解决的吗?
谢谢,
富有的
Hi Richard,
请检查你以前的帖子,我相信它会涵盖你的问题。
https://support.dialog semiconductor.com/forums/post/dialog-smartbond-bl。。。
Thanks MT_dialog