• State Verified Answer
  • Replies 4 replies
  • Subscribers 87 subscribers
  • Views 590 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 348242
Options

Correct configuration for secure connections pairing

WeBBK

Hi,

I want to implement a feature where the central device manually enters a fixed password (passkey) defined by the peripheral to establish a connection. I’m using the ble_app_hrs example from the nrf5_sdk_17.1.0_ddde560 SDK on the nRF52840-DK (using SEGGER Embedded Studio v8.24).

Below is my configuration in peer_manager_init() and the BLE_GAP_EVT_AUTH_KEY_REQUEST handling added to ble_evt_handler:

static void peer_manager_init(void)
{
    ble_gap_sec_params_t sec_param;
    ret_code_t err_code;

    err_code = pm_init();
    APP_ERROR_CHECK(err_code);

    memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

    // Security parameters to be used for all security procedures.
    sec_param.bond = SEC_PARAM_BOND;
    sec_param.mitm = 1;
    sec_param.lesc = SEC_PARAM_LESC;
    sec_param.keypress = SEC_PARAM_KEYPRESS;
    sec_param.io_caps = BLE_GAP_IO_CAPS_KEYBOARD_DISPLAY;
    sec_param.oob = SEC_PARAM_OOB;
    sec_param.min_key_size = SEC_PARAM_MIN_KEY_SIZE;
    sec_param.max_key_size = SEC_PARAM_MAX_KEY_SIZE;
    sec_param.kdist_own.enc = 1;
    sec_param.kdist_own.id = 1;
    sec_param.kdist_peer.enc = 1;
    sec_param.kdist_peer.id = 1;

    err_code = pm_sec_params_set(&sec_param);
    APP_ERROR_CHECK(err_code);

    err_code = pm_register(pm_evt_handler);
    APP_ERROR_CHECK(err_code);
}
case BLE_GAP_EVT_AUTH_KEY_REQUEST:
        {
            NRF_LOG_INFO("BLE_GAP_EVT_AUTH_KEY_REQUEST");
            //printf("BLE_GAP_EVT_AUTH_KEY_REQUEST.\n");
            uint8_t passkey[] = {'1','2','3','4','5','6'};  // Fixed 6-digit passkey
            err_code = sd_ble_gap_auth_key_reply(p_ble_evt->evt.gap_evt.conn_handle,
                                                 BLE_GAP_AUTH_KEY_TYPE_PASSKEY,
                                                 passkey);
            APP_ERROR_CHECK(err_code);
        } break;

When I set sec_param.io_caps = BLE_GAP_IO_CAPS_KEYBOARD_DISPLAY, I receive the following on the central device (BlueZ) and in the peripheral’s RTT log:

BlueZ Output (Central):

[bluetooth]# info FC:E3:19:1A:8D:D3
Device FC:E3:19:1A:8D:D3
     Name: Nordic_HRM
     Paired: no ...
[bluetooth]# pair FC:E3:19:1A:8D:D3
Attempting to pair with FC:E3:19:1A:8D:D3
[CHG] Device FC:E3:19:1A:8D:D3 Connected: yes
[agent] Passkey: 991207 <-- Randomly generated
Failed to pair: org.bluez.Error.AuthenticationFailed
[CHG] Device FC:E3:19:1A:8D:D3 Connected: no

RTT Log from nRF52840-DK (Peripheral):

<info> app: BLE_GAP_EVT_AUTH_KEY_REQUEST
<info> peer_manager_handler: Connection security failed: role: Peripheral, conn_handle: 0x0, procedure: Bonding, error: 132
<warning> peer_manager_handler: Disconnecting conn_handle 0. <info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x84 bond=0x0 lv4: 0 kdist_own:0x0 kdist_peer:0x0

How should I correctly configure sec_param.io_caps to make the central device prompt for a passkey input, allowing the user to manually enter the fixed passkey (e.g., 123456) so that pairing can succeed and look like the following? thank you.

Request passkey [agent] Enter passkey (number in 0999999): 123456


Parents Reply Children
  • 0 in reply to Amanda Hsieh

    If I switch sec_param.io_caps to BLE_GAP_IO_CAPS_DISPLAY_ONLY, it allows the central device (BlueZ) to correctly prompt for passkey input, as shown below.

    However, the peripheral (nRF52840-DK) does not trigger the BLE_GAP_EVT_AUTH_KEY_REQUEST event for unknown reasons. As a result, the defined passkey cannot be used, and pairing fails (Central keeps requesting input repeatedly).

    case BLE_GAP_EVT_AUTH_KEY_REQUEST:
        {
            NRF_LOG_INFO("BLE_GAP_EVT_AUTH_KEY_REQUEST");
             
            err_code = sd_ble_gap_auth_key_reply(p_ble_evt->evt.gap_evt.conn_handle,
                                                 BLE_GAP_AUTH_KEY_TYPE_PASSKEY,
                                                  (uint8_t *)"123456"); // Fixed 6-digit passkey
            APP_ERROR_CHECK(err_code);
        } break;

    00> <info> app: Fast advertising.
00> 
00> <info> app: Disconnected, reason 19.
00> 
00> <info> app: Connected.
00> 
00> <info> app: GATT ATT MTU on connection 0x0 changed to 247.
00> 
00> <info> app: GATT ATT MTU on connection 0x0 changed to 247.
00> 
00> <info> peer_manager_handler: Connection security failed: role: Peripheral, conn_handle: 0x0, procedure: Bonding, error: 1
00> 
00> <warning> app: Security failed. conn_handle: 0x0, error: 0x1
00> 
00> <info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x1 bond=0x0 lv4: 0 kdist_own:0x0 kdist_peer:0x0

    Do you have any suggestions for resolving this issue?

  • 0 in reply to WeBBK

    Do you see the same issue while testing with a mobile phone? If not, comparing the sinffer logs of them to find the differences. 

  • 0 in reply to Amanda Hsieh

    hi Amanda,

    The issue is fixed by the reference example link you provided.

    thanks.

Related
Terms of service