FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to require encrypted notifications in STM32_WPAN

crwper
Senior

‎2024-05-06 07:35 PM

In `ble_defs.h`, we have the following security permissions for attributes:

/* Security permissions for an attribute
 */
#define ATTR_PERMISSION_NONE           0x00U /* No security. */
#define ATTR_PERMISSION_AUTHEN_READ    0x01U /* Need authentication to read */
#define ATTR_PERMISSION_AUTHOR_READ    0x02U /* Need authorization to read */
#define ATTR_PERMISSION_ENCRY_READ     0x04U /* Need encryption to read */
#define ATTR_PERMISSION_AUTHEN_WRITE   0x08U /* Need authentication to write */
#define ATTR_PERMISSION_AUTHOR_WRITE   0x10U /* Need authorization to write */
#define ATTR_PERMISSION_ENCRY_WRITE    0x20U /* Need encryption to write */

In particular, we have permissions to ensure ecryption of read and write operations, but no permissions to ensure encryption for notification, indication, or write-without-response.

If I create a characteristic with the write-without-response property and the encrypted write permission, then performing a write-without-response operation on that characteristic does not seem to trigger an "insufficient encryption" error on the central device and therefore does not trigger a pairing request on iOS.

However, if I create the same characteristic with the write property and the encrypted write permission, performing a write operation *does* trigger an "insufficient encryption" error and pairing request.

This makes me think the ATTR_PERMISSION_ENCRY_WRITE permission does not apply to write-without-response.

So, I am wondering how we can ensure that a particular notification, indication, or write-without-response is encrypted.

Thanks!

Labels:
0 Kudos
2 REPLIES 2
STTwo-32
ST Employee

‎2024-06-02 10:10 AM

Hello @crwper 

I'm not able to understand this behavior. Could you please explain more about it.

Best Regards.

STTwo-32 

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

0 Kudos
crwper
Senior
In response to STTwo-32

‎2024-06-12 09:20 AM

I suppose the question is this: The flags in `ble_defs.h` only allow me to require encryption for "read" and/or "write" operations. But Bluetooth specifies several different ways we can interact with a characteristic, which STM32_WPAN refers to as:

  • Read
  • Write without response
  • Write
  • Notify
  • Indicate

So there are 5 ways to interact with the characteristic, but only 2 flags to control encryption requirements. I can think of two ways to look at this. First, the flags in `ble_defs.h` might refer to a broader category of interaction, e.g.:

  • `ATTR_PERMISSION_ENCRY_READ` requires encryption for read, notify, and indicate operations
  • `ATTR_PERMISSION_ENCRY_WRITE` requires encryption for write with/without response operations

Or, second, they might refer to specific STM32_WPAN operations, e.g.:

  • `ATTR_PERMISSION_ENCRY_READ` requires encryption for the STM32_WPAN "read" operation
  • `ATTR_PERMISSION_ENCRY_WRITE` requires encryption for the STM32_WPAN "write" operation
  • But then how do we require encryption for "write without response", "notify", and "indicate" operations?

I suspect the first option is the correct one, but wanted to confirm rather than assuming this is the case.

0 Kudos
Top