This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

can't bound with OOB bonding. SDK13 nRF52 S132

Hi!

I can't start project with OOB bonding. If I set settings like just works (MITM = 0, OOB =0), all works correct. But I need more security for bounding. For this reason I want to use OOB bonding. Or you can advise to me another mode for secure bounding.

I use on advertise size only MITM = 1, BOND = 1, OOB =1, like discribed here: link

On the central side I use PM, white list and same settings for OOB bound: MITM = 1, BOND = 1, OOB =1

And after start project, no bound central with peripherial. May be I have some wrongs when PM and white list init on central side?

void peer_manager_init(void)
{
ble_gap_sec_params_t sec_param;
ret_code_t err_code;

err_code = pm_init();
APP_ERROR_CHECK(err_code);

memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

sec_param.bond           = SEC_PARAM_BOND;
sec_param.mitm           = SEC_PARAM_MITM;
sec_param.lesc           = SEC_PARAM_LESC;
sec_param.keypress       = SEC_PARAM_KEYPRESS;
sec_param.io_caps        = SEC_PARAM_IO_CAPABILITIES; 
sec_param.oob            = SEC_PARAM_OOB;
sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
sec_param.kdist_own.enc  = 1;
sec_param.kdist_own.id   = 1;
sec_param.kdist_peer.enc = 1;
sec_param.kdist_peer.id  = 1;

err_code = pm_sec_params_set(&sec_param);
APP_ERROR_CHECK(err_code);

err_code = pm_register(pm_evt_handler);
APP_ERROR_CHECK(err_code);
}

I whitelist init after scan start:

void scan_start(void)
{
uint32_t flash_busy;

if(ble_conn_state_n_centrals() >= CENTRAL_LINK_COUNT)
	return;

scan_stop();

(void) fs_queued_op_count_get(&flash_busy);
if(flash_busy != 0)
    return;

ble_gap_addr_t whitelist_addrs[8];
ble_gap_irk_t  whitelist_irks[8];

memset(whitelist_addrs, 0x00, sizeof(whitelist_addrs));
memset(whitelist_irks,  0x00, sizeof(whitelist_irks));

uint32_t addr_cnt = (sizeof(whitelist_addrs) / sizeof(ble_gap_addr_t));
uint32_t irk_cnt  = (sizeof(whitelist_irks)  / sizeof(ble_gap_irk_t));

whitelist_load();

ret_code_t ret = pm_whitelist_get(whitelist_addrs, &addr_cnt, whitelist_irks, &irk

	m_scan_param.use_whitelist = (((addr_cnt == 0) && (irk_cnt == 0)) || (m_bonding)) ? 0 : 1;

	if(ble_conn_state_n_centrals() == 0)
	{
		m_scan_param.interval = BLE_GAP_SCAN_INTERVAL_MAX;
		m_scan_param.window		= BLE_GAP_SCAN_WINDOW_MAX;
	}
	else
	{
		m_scan_param.interval = SCAN_INTERVAL;
		m_scan_param.window		= SCAN_WINDOW;
	}
	
ret = sd_ble_gap_scan_start(&m_scan_param);
APP_ERROR_CHECK(ret);
}
  • Hi Mikhail,

    Please update more information on:

    • What OOB mechanism are you using ? it's NFC or something else ?

    • What kind of setup do you have ? Which chip is on the peripheral side and which device is on central side ?

    • What kind of error do you have ? Have you checked the log ?

    • Have you tried to test our OOB example in the SDK ?

  • Hi! Thanks for answer.

    1. I try to use simply enter passkey via code. (directly). May be I not correct use this function.
    2. What does it mean kind of setup? On a central and on the peripherial I use nRF52, SDK13, S132.
    3. No error. But when I try to bound central with peripherial- no success.
    4. I did not try this example. I don't need use NFC.

    I just need use static passkey which was write before. Ofcourse, this static passkey same in peripherial and central.

    I added in the central event:

            case BLE_GAP_EVT_AUTH_KEY_REQUEST:
         {
          
    
      sd_ble_gap_auth_key_reply(conn_handle, BLE_GAP_AUTH_KEY_TYPE_OOB, (uint8_t *)pass.passkey);
    
    }
    

    and I see call this event when connect peripherial to tag. But after that no bound devices.

    For any case- I just need make secure bound. Just works bond does not fit for secure reason.

  • OOB and passkey are not the same. You need to use BLE_GAP_AUTH_KEY_TYPE_PASSKEY instead of BLE_GAP_AUTH_KEY_TYPE_OOB.

    I strongly suggest before you test with static passkey, you test with normal passkey example first. You can try the Blood Glucose example here.

    After that you can start testing with the static passkey.

  • BLE_GAP_AUTH_KEY_TYPE_PASSKEY on central side doesn't work. May be I should make any settings on a peripherial side?

    Repeat: I have a task- make bonding central with peripherial. But Just works does not fit due to secure reason. Give me a way to decide this task. What should I do?

  • I have tested your glucose example. Yes, this works. Bound. But with those settings, it bond not secure and possible to clone same tag peripherial by MAC and I can connect to my central by second tag. It is not normal. I want excluse this behavoir.

Related