How to pair and bond with a static passkey?

I developed a project that using static passkey to pair and bond with nRF SDK17.

It be fulfilled by the follow way:

//write static passkey	
	m_static_pin_option.gap_opt.passkey.p_passkey = passkey;
	err_code =  sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &m_static_pin_option);
	APP_ERROR_CHECK(err_code);
//pair with MITM and check the passkey from phone
    #define  SEC_PARAM_BOND  1
    #define  SEC_PARAM_MITM  1
    #define  SEC_PARAM_LESC  0
    #define  SEC_PARAM_KEYPRESS  0
    #define  SEC_PARAM_IO_CAPABILITIES   BLE_GAP_IO_CAPS_DISPLAY_ONLY 
    #define  SEC_PARAM_OOB  0
    #define  SEC_PARAM_MIN_KEY_SIZE  7
    #define  SEC_PARAM_MAX_KEY_SIZE  16
    
    m_sec_param.bond           = SEC_PARAM_BOND;
    m_sec_param.mitm           = SEC_PARAM_MITM;
    m_sec_param.lesc           = SEC_PARAM_LESC;
    m_sec_param.keypress       = SEC_PARAM_KEYPRESS;
		m_sec_param.io_caps        = BLE_GAP_IO_CAPS_DISPLAY_ONLY;
    m_sec_param.oob            = SEC_PARAM_OOB;
    m_sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
    m_sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
    m_sec_param.kdist_own.enc  = 1;
    m_sec_param.kdist_own.id   = 1;
    m_sec_param.kdist_peer.enc = 1;
    m_sec_param.kdist_peer.id  = 1;
		
    err_code = pm_sec_params_set(&m_sec_param);
    APP_ERROR_CHECK(err_code);

However,when I turn to NCS,I don't know how to fulfill it.

I used the hid_mouse sample but it just push the button to confirm the bond.

How can I use the passkey to do the MITM protect?

Parents
  • Hello,

    Please see this API:
    https://docs.nordicsemi.com/bundle/ncs-2.7.99-cs1/page/zephyr/connectivity/bluetooth/api/connection_mgmt.html#c.bt_passkey_set

    As you can see from the description, you need to set CONFIG_BT_FIXED_PASSKEY=y for this API to work. 

    Also note that using a fixed/static passkey doesn't really provide any real security. It is possible to brute force relatively easily, and it is also possible to sniff/capture and crack it later. Adding LESC on top of a static passkey will increase the security though, since the sniffer can't pick up the Diffie Hellman keys (used in LESC). 

    But that being said, the security risk of a BLE mouse is relatively low. Even though someone would be able to listen in, the value of the data from a mouse is relatively low, which is why it usually doesn't use a (non-static) passkey in the first place. 

    A fixed passkey does however make it easier for the user to know that they connect to the correct device, since a normal user would see that they are able to use e.g. a 6-digit key printed on a sticker somewhere. 

    Best regards,

    Edvin

  • Hi,

    I already set CONFIG_BT_FIXED_PASSKEY=y and use bt_passkey_set() to set the static passkey.

    But I think the relevant code that I used is misfit to the way that use the passkey.

    I imitate the hid_mouse that use bt_conn_auth_cb_register() and bt_conn_auth_info_cb_register() to replace the peer_manager in nRF SDK17.

    I think it is the issue that even CONFIG_BT_FIXED_PASSKEY=y and bt_passkey_set() be used,the pairing show in my phone still display a 8 length passkey and confirm 、cancal button rather than a input box just like this:

    And that's what I want to achieve:

  • So you want to input the key on the phone, right?

    Where do you currently call bt_passkey_set()? And what does it return?

    Best regards,

    Edvin

  • Yes,Icall bt_passkey_set() at the main function but I didn't care what has been returned.Maybe the error happened here?but it seem work normally

  • int main(void) int主要(空白) int主要(空白) int主要(空白) int主要(空白) int主要(空白) int主要(空白)

    {

      int err; int犯错; int犯错; int犯错; int犯错; int犯错; int犯错;

      uint32_t blink_status = 0;

      struct dm_init_param init_param; struct dm_init_param;struct dm_init_param;struct dm_init_param;struct dm_init_param;struct dm_init_param;struct dm_init_param;

     

      printk("1202 Start\n"); printk(“1202年开始\ n”); printk(“1202年开始\ n”); printk(“1202年开始\ n”); printk(“1202年开始\ n”); printk(“1202年开始\ n”); printk(“1202年开始\ n”);

     

      if (!device_is_ready(uart)) 如果(! device_is_ready (uart))如果(! device_is_ready (uart))如果(! device_is_ready (uart))如果(! device_is_ready (uart))如果(! device_is_ready (uart))如果(! device_is_ready (uart))

      {

     printk("UART device not ready\r\n"); printk("UART设备未就绪\r\n");printk("UART设备未就绪\r\n");printk("UART设备未就绪\r\n");printk("UART设备未就绪\r\n");printk("UART设备未就绪\r\n");printk("UART设备未就绪\r\n");

     return 1 ; 返回1; 返回1; 返回1; 返回1; 返回1; 返回1;

      }

      

    int main(void)
    {
    	int err;
    	uint32_t blink_status = 0;
    	struct dm_init_param init_param;
    
    	printk("1202 Start\n");
    
    	if (!device_is_ready(uart))
    	{
    		printk("UART device not ready\r\n");
    		return 1 ;
    	}
    	
    	err = uart_callback_set(uart,uart_cb,NULL);
    	if (err)
    	{
    		return err;
    	}
    
    	err = dk_leds_init();
    	if (err) {
    		printk("LEDs init failed (err %d)\n", err);
    		return 0;
    	}
    
    	err = bt_passkey_set(pairing_passkey);
    	if(err){
    		printk("passkey set failed(err %d)\n",err);
    		return 0;
    	}
    
    	err = bt_conn_auth_cb_register(&conn_auth_callbacks);
    	if (err) {
    		printk("Failed to register authorization callbacks.\n");
    		return 0;
    	}
    
    	err = bt_conn_auth_info_cb_register(&conn_auth_info_callbacks);
    	if (err) {
    		printk("Failed to register authorization info callbacks.\n");
    		return 0;
    	}
    
    	err = peer_init();
    	if (err) {
    		printk("Peer init failed (err %d)\n", err);
    		return 0;
    	}
    
    	init_param.cb = &dm_cb;
    
    	err = dm_init(&init_param);
    	if (err) {
    		printk("Distance measurement init failed (err %d)\n", err);
    		return 0;
    	}
    
    	hid_init();
    
    	err = bt_enable(NULL);
    	if (err) {
    		printk("Bluetooth init failed (err %d)\n", err);
    		return 0;
    	}
    
    	k_work_init(&pairing_work, pairing_process);
    
    	if (IS_ENABLED(CONFIG_SETTINGS)) {
    		settings_load();
    	}
    
    	namecat();
    	
    	err = bt_set_name(name);
    	if (err)
    	{
    		printk("Name set failed (err %d)\n",err);
    		return 0;
    	}
    	
    
    	err = bt_sync_init();
    	if (err) {
    		printk("Synchronisation init failed (err %d)\n", err);
    		return 0;
    	}
    
    	for (;;) {
    		dk_set_led(RUN_STATUS_LED, (++blink_status) % 2);
    		k_sleep(K_MSEC(RUN_LED_BLINK_INTERVAL));
    	}
    }

  • The location of bt_passkey_set() as above.The application run normally before pairing.And I debugged to check the return value of bt_passkey_set() and the num is zero that mean set success.

    I think the issue due to conn_auth_callbacks.I'm not familiar with it.So I just copy it from hid_mouse.And the passkey_confirm is high priority, so i'm failed to use passkey.

    If there have some samples use passkey to pairing?

Reply
  • The location of bt_passkey_set() as above.The application run normally before pairing.And I debugged to check the return value of bt_passkey_set() and the num is zero that mean set success.

    I think the issue due to conn_auth_callbacks.I'm not familiar with it.So I just copy it from hid_mouse.And the passkey_confirm is high priority, so i'm failed to use passkey.

    If there have some samples use passkey to pairing?

Children
Related