• State Not Answered
  • Replies 5 replies
  • Subscribers 86 subscribers
  • Views 287 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 353101
Options

What should be done when the number of bound users reaches the limit and the binding process should be interrupted or not carried out?

Chaoyue Ying

I'm adjusting my program with nrf52832 and nrf5SDK.

I attempted to use the parameter PM_PEER_ID_N_AVAILABLE_IDS to control the upper limit of the bound users.

However, when the number of bound users exceeds the limit of PM_PEER_ID_N_AVAILABLE_IDS, the pairing process still proceeds completely..

I am using the paired binding parameters with MITM functionality.When the number of bound users exceeds the PM_PEER_ID_N_AVAILABLE_IDS limit, I can input the pairing code and complete the binding. However, it is only outputted in the log as "Could not allocate new peer_id for incoming bond."

However, I hope that if the number of bound users has reached the PM_PEER_ID_N_AVAILABLE_IDS limit, any subsequent pairings initiated afterwards should directly return a pairing failure or, after entering the pairing code, return a failure.

Parents
  • 0

    Hi Chaoyue, 

    It seems right that the pairing fails in the later stages than what you expect it to be. But the behavior in the SDK examples are only templates and you can easily modify them. In the ble_event callback, you can easily add a check in the event BLE_GAP_EVT_SEC_PARAMS_REQUEST using pm_peer_count to see if max bonds are are already achieved and return reject the bonding with sd_ble_gap_sec_params_reply(conn,BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP,  BLE_GAP_SEC_STATUS_UNSPECIFIED....) something like that.

    Since this is something you can control on your applicaiton and no library or driver change is required, it is easy to do a version control for your future updates aswell.

  • 0 in reply to Susheel Nuguru

    Hi,

    I would like to know in which ble_event_handler the processing of BLE_GAP_EVT_SEC_PARAMS_REQUEST should be written.Different modules all have similar observers listening and they are all called "ble_event_handler".

    Furthermore, the sd_ble_gap_sec_params_reply function requires four parameters. I attempted to call it in the main.c file's ble_event_handler, but I'm not sure how to obtain the ble_gap_sec_params_t and ble_gap_sec_keyset_t types.

  • 0 in reply to Chaoyue Ying

    Hi Chaoyue,

    Use the code as template. I want to show you how you can handle BLE_GAP_EVT_SEC_PARAMS_REQUEST to stop more processing of pairing and in this example disconnect.

    #define BOND_LIMIT   PM_PEER_ID_N_AVAILABLE_IDS  // or something custom if you overwrite this 
                                                 // in your application

static void gap_reject_pairing_and_disconnect(uint16_t conn_handle)
{
    uint32_t err;

    // Explicitly refuse pairing
    err = sd_ble_gap_sec_params_reply(conn_handle,
                                      BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP,
                                      NULL,
                                      NULL);
    APP_ERROR_CHECK(err);

    // terminate immediately , this is optional though
    err = sd_ble_gap_disconnect(conn_handle, BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION);
    if (err != NRF_SUCCESS && err != NRF_ERROR_INVALID_STATE)
    {
        APP_ERROR_CHECK(err);
    }
}

void ble_evt_handler(ble_evt_t const * p_ble_evt, void * p_context)
{
    const uint16_t conn = p_ble_evt->evt.gap_evt.conn_handle;

    switch (p_ble_evt->header.evt_id)
    {
    case BLE_GAP_EVT_SEC_PARAMS_REQUEST:
        if (pm_peer_count() >= BOND_LIMIT)
        {
            NRF_LOG_WARNING("Bond table full. Rejecting new pairing.");
            gap_reject_pairing_and_disconnect(conn);
            // Do NOT forward this event to Peer Manager
            return;
        }
        break;

    case BLE_GAP_EVT_AUTH_KEY_REQUEST:
        if (pm_peer_count() >= BOND_LIMIT)
        {
            (void) sd_ble_gap_auth_key_reply(conn, BLE_GAP_AUTH_KEY_TYPE_NONE, NULL);
            gap_reject_pairing_and_disconnect(conn);
            return;
        }
        break;

    case BLE_GAP_EVT_LESC_DHKEY_REQUEST:
        if (pm_peer_count() >= BOND_LIMIT)
        {
            // Refuse LESC as well by disconnecting; PM will not proceed
            gap_reject_pairing_and_disconnect(conn);
            return;
        }
        break;

    default:
        break;
    }

    // Forward everything else to Peer Manager
    pm_on_ble_evt(p_ble_evt);

    pm_handler_on_ble_evt(p_ble_evt);
}

    I have not compiled that code, so please use it as a template.

  • 0 in reply to Susheel Nuguru

    Hi,

    Based on the code template you provided, I have implemented the corresponding functions.

    But now I want to know more details about the binding process, such as the comparison of irk and the generation of ltk. I need to check which code files to look at.

  • 0 in reply to Chaoyue Ying

    I can suggest you some starters in code to explore

    peer_manager.c - how BLE events arrive and PM events go out

security_dispatcher.c - pairing handshake path and SD calls

id_manager.c - privacy/IRK provisioning to controller

peer_data_storage.c - where keys storage management into flash

ble_gap.h - exact structs and SoftDevice APIs that do the real crypto and resolution

Reply Children
No Data
Related
Terms of service