• State Not Answered
  • Replies 8 replies
  • Subscribers 74 subscribers
  • Views 1053 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 310695
Options

I set IRK on Zephyr and it seems to keep the same mac address(after bonding), why?

BenSiso

Hi all,
Since we dont need to worry about privacy I am trying to turn off the IRK.

My setup:
central side : pcb-ble-driver, typescript central.
peripheral side: zephyr with ncs 2.2.0

we are moving from nrf5 to zephyr (ncs 2.2.0) and we are willing to add in bleadapter -> authenticate MITM + LESC so I set :
as u can read I set IRK (aka id:true) to support IRK

    const secParamsCentral: SecurityParameters = {
      bond: true,
      mitm: true,
      lesc: true,
      keypress: false,
      // eslint-disable-next-line camelcase
      io_caps: this.adapter.driver.BLE_GAP_IO_CAPS_KEYBOARD_ONLY,
      oob: false,
      // eslint-disable-next-line camelcase
      min_key_size: 7,
      // eslint-disable-next-line camelcase
      max_key_size: 16,
      // eslint-disable-next-line camelcase
      kdist_own: {
        enc: true /** Long Term Key and Master Identification. */,
        id: true /** Identity Resolving Key and Identity Address Information. */,
        sign: false /** Connection Signature Resolving Key. */,
        link: false /** Derive the Link Key from the LTK. */,
      },
      // eslint-disable-next-line camelcase
      kdist_peer: {
        enc: true /** Long Term Key and Master Identification. */,
        id: true /** Identity Resolving Key and Identity Address Information. */,
        sign: false /** Connection Signature Resolving Key. */,
        link: false /** Derive the Link Key from the LTK. */,
      },
    };

On peripheral I set :

CONFIG_BT_PRIVACY=y


(just for testing purpose)

Central and peripheral paired and bonded successfully (with MITM+LESC).
Later on, I opened nrf connect and choose ble app, and I have noticed that the mac address of the peripheral stayed the same.
I also tried(since we dont need irk) to set CONFIG_BT_PRIVACY=n , but on central id= true -> so on authenticate central will still demand  privacy protection(IRK) BUT the mac address of the peripheral was the same.

Does ncs 2.2.0 support IRK?
Will it be like that in the future?

Thank you!
Ben
  • 0 in reply to BenSiso
    BenSiso said:
    Already set to no by default, and I still receive the all zeroes LTK unless you set ID:true in the central (which is IRK I think)

    I think I missed the question in your previous message.

    Is the problem that you were unable to disable IRK?

  • 0 in reply to Sigurd Hellesvik

    Hi 
    We have 2 products, the first one is central(build in typescript and using PC-BLE-DRIVER repo). The other product is build on softdevice(c).

    The two communicate with each other over ble.

    Since we dont need IRK, we set on central side: 
    "id: false /** Identity Resolving Key and Identity Address Information. */,"

    But sec level 4 not working (we are getting zero in the ltk array).

    Only when we set id:true it working as expected. 

    What we are doing wrong ?

    const secParamsCentral: SecurityParameters = {
      bond: true,
      mitm: true,
      lesc: true,
      keypress: false,
      // eslint-disable-next-line camelcase
      io_caps: this.adapter.driver.BLE_GAP_IO_CAPS_KEYBOARD_ONLY,
      oob: false,
      // eslint-disable-next-line camelcase
      min_key_size: 7,
      // eslint-disable-next-line camelcase
      max_key_size: 16,
      // eslint-disable-next-line camelcase
      kdist_own: {
        enc: true /** Long Term Key and Master Identification. */,
        id: true /** Identity Resolving Key and Identity Address Information. */,
        sign: false /** Connection Signature Resolving Key. */,
        link: false /** Derive the Link Key from the LTK. */,
      },
      // eslint-disable-next-line camelcase
      kdist_peer: {
        enc: true /** Long Term Key and Master Identification. */,
        id: true /** Identity Resolving Key and Identity Address Information. */,
        sign: false /** Connection Signature Resolving Key. */,
        link: false /** Derive the Link Key from the LTK. */,
      },
    };


  • 0 in reply to BenSiso

    Hi Ben, 

    I think can be a bug in LESC that it require privacy to allow LESC. 

    Can you capture a sniffer trace  ?

    Could you check if you can reproduce the issue using 2 samples in NCS ? 

    Please be aware that even with CONFIG_BT_PRIVACY =y 

    but if you use BT_LE_ADV_OPT_USE_IDENTITY when advertising, the MAC address will not change. 

Related
Terms of service