• State Not Answered
  • Replies 3 replies
  • Subscribers 74 subscribers
  • Views 453 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 333188
Options

Increased BLE security on NRF52832

Tim Scott

I'm working on a BLE project based off of the peripheral_lbs sample within the nRF Connect SDK v2.7.0. I am attempting to increase the BLE security level up to either level 3 or level 4 from within the connected callback as I saw done in the sample "peripheral_sc_only".

static void connected(struct bt_conn *conn, uint8_t err)
{
	if (err) {
		printk("Connection failed (err %u)\n", err);
		return;
	}

	printk("Connected\n");

	int ret = bt_conn_set_security(conn, BT_SECURITY_L4);
	if (ret) 
	{
		printk("Failed to set security (err %d)\n", ret);
	}

	dk_set_led_on(CON_STATUS_LED);
}

It is consistently returning with an error of -12 (#define  ENOMEM 12   /* Not enough space */). This is getting returned from line 36 in the following function. 

static int smp_send_security_req(struct bt_conn *conn)
{
	struct bt_smp *smp;
	struct bt_smp_security_request *req;
	struct net_buf *req_buf;
	int err;

	LOG_DBG("");
	smp = smp_chan_get(conn);
	if (!smp) {
		return -ENOTCONN;
	}

	/* SMP Timeout */
	if (atomic_test_bit(smp->flags, SMP_FLAG_TIMEOUT)) {
		return -EIO;
	}

	/* pairing is in progress */
	if (atomic_test_bit(smp->flags, SMP_FLAG_PAIRING)) {
		return -EBUSY;
	}

	if (atomic_test_bit(smp->flags, SMP_FLAG_ENC_PENDING)) {
		return -EBUSY;
	}

	/* early verify if required sec level if reachable */
	if (!(sec_level_reachable(smp) || smp_keys_check(conn))) {
		return -EINVAL;
	}

	if (!conn->le.keys) {
		conn->le.keys = bt_keys_get_addr(conn->id, &conn->le.dst);
		if (!conn->le.keys) {
			return -ENOMEM;
		}
	}

	if (smp_init(smp) != 0) {
		return -ENOBUFS;
	}

	req_buf = smp_create_pdu(smp, BT_SMP_CMD_SECURITY_REQUEST,
				 sizeof(*req));
	if (!req_buf) {
		return -ENOBUFS;
	}

	req = net_buf_add(req_buf, sizeof(*req));
	req->auth_req = get_auth(smp, BT_SMP_AUTH_DEFAULT);

	/* SMP timer is not restarted for SecRequest so don't use smp_send */
	err = bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf);
	if (err) {
		net_buf_unref(req_buf);
		return err;
	}

	atomic_set_bit(smp->flags, SMP_FLAG_SEC_REQ);
	atomic_set_bit(smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);

	return 0;
}

From what I've seen, the bt_conn_set_security function call within the connected callback function is the only significant difference between these two examples as far as the BLE is concerned. Is there something else that needs to be added, or a config setting somewhere to set that I'm not seeing?

Thanks

Parents Reply Children
No Data
Related
Terms of service