
Information related to Security permission flags in the aci_gatt_add_char function

MDari.1
Associate

Hi ST,

I am working with the NUCLEO-WB55 and we are adding some characteristics to a service, but we don't know where we can find information for these fields:

 * @param Security_Permissions Security permission flags.
 *    Flags:
 *    - 0x00: None
 *    - 0x01: AUTHEN_READ (Need authentication to read)
 *    - 0x02: AUTHOR_READ (Need authorization to read)
 *    - 0x04: ENCRY_READ (Need encryption to read)
 *    - 0x08: AUTHEN_WRITE (need authentication to write)
 *    - 0x10: AUTHOR_WRITE (need authorization to write)
 *    - 0x20: ENCRY_WRITE (need encryption to write)

We do not understand if we need to use it or not. Could you share with us some information to understand the different options and what their purpose is?

Thanks.

Marcos

Remi QUINTIN
ST Employee

Accessing characteristics depends on the way they are protected via the security level.

Assuming we have a characteristic created with properties READ and WRITE, then it is easy to access them if they are not protected, after the discovery of services and characteristics.

When the security permission is set to 'need encryption', ENCR_READ and ENCR_WRITE, an error (ACI_GATT_ERROR_RESP_EVENT) with error_code=0x0F (insufficient encryption) is returned if a client tries to read or write this characteristic.

Devices need to be paired and encryption started to enable a proper read and write access.

When the Security permission is set to 'need authentication', then this security level is more restrictive than 'need encryption'.

In this case, the MITM_Mode parameter of the aci_gap_set_authentication_requirement function has to be set to 0x01 (MITM protection required), and a new pairing is required to be able to read/write the characteristic with 'need authentication'.

Note that there is no need to set this MITM parameter and restart pairing to be able to read/write the characteristic with 'need encryption' only.

The usual way to use a characteristic with 'need authorization' is:

- After the connection_complete_event, the server sends the command aci_gap_set_authorization_requirement (for the current connection handle).

- The master initiates the pairing. When the pairing is complete, ACI_GAP_AUTHORIZATION_REQ_EVENT is generated on the server side, which sends aci_gap_authorization_resp(conn_handle, authorize).

- Then the client can read/write the characteristic.
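The reply above describes three protection levels (encryption, authentication with MITM pairing, application authorization) and the ATT error a client gets when the link does not satisfy them. The following C model, added here as an illustration and not code from ST or the STM32WB BLE stack, composes the Security_Permissions byte from the flags listed in the question and shows which access check rejects a read or write for a given link state. The flag values are the ones documented for aci_gatt_add_char; the ATT error codes 0x05 (insufficient authentication) and 0x08 (insufficient authorization) come from the Bluetooth Core specification, and 0x0F (insufficient encryption) is the one quoted in the reply. The link_state_t struct and gatt_check_access() function are hypothetical helpers that exist only in this example; the real stack performs these checks internally.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Security_Permissions flags as documented for aci_gatt_add_char. */
#define PERM_NONE         0x00
#define PERM_AUTHEN_READ  0x01  /* need authentication (MITM pairing) to read  */
#define PERM_AUTHOR_READ  0x02  /* need application authorization to read      */
#define PERM_ENCRY_READ   0x04  /* need an encrypted link to read              */
#define PERM_AUTHEN_WRITE 0x08  /* need authentication (MITM pairing) to write */
#define PERM_AUTHOR_WRITE 0x10  /* need application authorization to write     */
#define PERM_ENCRY_WRITE  0x20  /* need an encrypted link to write             */

/* ATT error codes (Bluetooth Core spec); 0x0F is the one cited in the reply. */
#define ATT_ERR_INSUFFICIENT_AUTHENTICATION 0x05
#define ATT_ERR_INSUFFICIENT_AUTHORIZATION  0x08
#define ATT_ERR_INSUFFICIENT_ENCRYPTION     0x0F

/* Hypothetical snapshot of one connection's security state (not a stack type). */
typedef struct {
    bool encrypted;      /* pairing done and encryption started                      */
    bool mitm_protected; /* pairing was done with MITM_Mode = 0x01 (authenticated)   */
    bool authorized;     /* app answered aci_gap_authorization_resp with "authorize" */
} link_state_t;

/* Build the Security_Permissions byte: same level required for read and write. */
uint8_t build_permissions(bool need_encr, bool need_authn, bool need_authz)
{
    uint8_t perm = PERM_NONE;
    if (need_encr)  perm |= PERM_ENCRY_READ  | PERM_ENCRY_WRITE;
    if (need_authn) perm |= PERM_AUTHEN_READ | PERM_AUTHEN_WRITE;
    if (need_authz) perm |= PERM_AUTHOR_READ | PERM_AUTHOR_WRITE;
    return perm;
}

/* Returns 0 when the access is allowed, otherwise the ATT error the client would
 * see in ACI_GATT_ERROR_RESP_EVENT. Checks run from most to least restrictive:
 * authentication (implies an authenticated, encrypted link) > encryption > authorization. */
uint8_t gatt_check_access(uint8_t perm, bool is_write, const link_state_t *link)
{
    uint8_t need_authn = is_write ? PERM_AUTHEN_WRITE : PERM_AUTHEN_READ;
    uint8_t need_encr  = is_write ? PERM_ENCRY_WRITE  : PERM_ENCRY_READ;
    uint8_t need_authz = is_write ? PERM_AUTHOR_WRITE : PERM_AUTHOR_READ;

    if ((perm & need_authn) && !(link->encrypted && link->mitm_protected))
        return ATT_ERR_INSUFFICIENT_AUTHENTICATION;   /* needs a new MITM pairing */
    if ((perm & need_encr) && !link->encrypted)
        return ATT_ERR_INSUFFICIENT_ENCRYPTION;       /* the 0x0F case in the reply */
    if ((perm & need_authz) && !link->authorized)
        return ATT_ERR_INSUFFICIENT_AUTHORIZATION;    /* app has not authorized yet */
    return 0;
}

int main(void)
{
    /* Constructed link states: fresh connection, then encrypted, then authorized. */
    link_state_t fresh     = { false, false, false };
    link_state_t encrypted = { true,  false, false };
    link_state_t approved  = { true,  false, true  };

    uint8_t encr_only = build_permissions(true, false, false);   /* 0x24 */
    uint8_t authz     = build_permissions(false, false, true);   /* 0x12 */

    printf("encrypt-only perm byte: 0x%02X\n", encr_only);
    printf("read before encryption -> 0x%02X\n", gatt_check_access(encr_only, false, &fresh));
    printf("read after encryption  -> 0x%02X\n", gatt_check_access(encr_only, false, &encrypted));
    printf("write before authorize -> 0x%02X\n", gatt_check_access(authz, true, &encrypted));
    printf("write after authorize  -> 0x%02X\n", gatt_check_access(authz, true, &approved));
    return 0;
}
```

The order of the checks mirrors the reply: a characteristic flagged 'need authentication' rejects even an encrypted link unless the pairing was MITM-protected, while 'need encryption' is satisfied as soon as pairing and encryption complete, and 'need authorization' only clears once the application has answered the authorization request for that connection.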