
Can't bond with OOB bonding. SDK13 nRF52 S132

Hi!

I can't start the project with OOB bonding. If I use settings like Just Works (MITM = 0, OOB = 0), everything works correctly. But I need more security for bonding. For this reason I want to use OOB bonding. Or can you advise me on another mode for secure bonding?

On the advertising side I use only MITM = 1, BOND = 1, OOB = 1, as described here: link

On the central side I use PM, a whitelist and the same settings for OOB bonding: MITM = 1, BOND = 1, OOB = 1

After starting the project, the central does not bond with the peripheral. Maybe I have something wrong in the PM and whitelist init on the central side?

    void peer_manager_init(void)
    {
        ble_gap_sec_params_t sec_param;
        ret_code_t err_code;

        err_code = pm_init();
        APP_ERROR_CHECK(err_code);

        memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

        sec_param.bond           = SEC_PARAM_BOND;
        sec_param.mitm           = SEC_PARAM_MITM;
        sec_param.lesc           = SEC_PARAM_LESC;
        sec_param.keypress       = SEC_PARAM_KEYPRESS;
        sec_param.io_caps        = SEC_PARAM_IO_CAPABILITIES;
        sec_param.oob            = SEC_PARAM_OOB;
        sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
        sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
        sec_param.kdist_own.enc  = 1;
        sec_param.kdist_own.id   = 1;
        sec_param.kdist_peer.enc = 1;
        sec_param.kdist_peer.id  = 1;

        err_code = pm_sec_params_set(&sec_param);
        APP_ERROR_CHECK(err_code);

        err_code = pm_register(pm_evt_handler);
        APP_ERROR_CHECK(err_code);
    }

I init the whitelist after scan start:

    void scan_start(void)
    {
        uint32_t flash_busy;

        /* Do not scan when all central links are already in use. */
        if (ble_conn_state_n_centrals() >= CENTRAL_LINK_COUNT)
            return;

        scan_stop();

        /* Do not start scanning while flash operations are still queued. */
        (void) fs_queued_op_count_get(&flash_busy);
        if (flash_busy != 0)
            return;

        ble_gap_addr_t whitelist_addrs[8];
        ble_gap_irk_t  whitelist_irks[8];

        memset(whitelist_addrs, 0x00, sizeof(whitelist_addrs));
        memset(whitelist_irks,  0x00, sizeof(whitelist_irks));

        uint32_t addr_cnt = (sizeof(whitelist_addrs) / sizeof(ble_gap_addr_t));
        uint32_t irk_cnt  = (sizeof(whitelist_irks)  / sizeof(ble_gap_irk_t));

        whitelist_load();

        ret_code_t ret = pm_whitelist_get(whitelist_addrs, &addr_cnt, whitelist_irks, &irk_cnt);

        /* Scan without the whitelist when it is empty or while bonding a new peer. */
        m_scan_param.use_whitelist = (((addr_cnt == 0) && (irk_cnt == 0)) || (m_bonding)) ? 0 : 1;

        if (ble_conn_state_n_centrals() == 0)
        {
            m_scan_param.interval = BLE_GAP_SCAN_INTERVAL_MAX;
            m_scan_param.window   = BLE_GAP_SCAN_WINDOW_MAX;
        }
        else
        {
            m_scan_param.interval = SCAN_INTERVAL;
            m_scan_param.window   = SCAN_WINDOW;
        }

        ret = sd_ble_gap_scan_start(&m_scan_param);
        APP_ERROR_CHECK(ret);
    }
  • I use a static passkey. I tried the following configuration: Peripheral -

    #define SEC_PARAM_BOND                  1                                
    #define SEC_PARAM_MITM                  1                                
    #define SEC_PARAM_LESC                  0
    #define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_DISPLAY_ONLY         
    #define SEC_PARAM_OOB                   0 
    ...
    static void gap_params_init(void)
    {
    uint32_t err_code;
    ble_opt_t static_pin_option;
    static_pin_option.gap_opt.passkey.p_passkey = (uint8_t *)pass.passkey;
    err_code = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &static_pin_option);
    APP_ERROR_CHECK(err_code);
    ...
    

    On the central side I use the following:

    #define SEC_PARAM_BOND                  1                                
    #define SEC_PARAM_MITM                  1      
    #define SEC_PARAM_LESC              	0                                 
    #define SEC_PARAM_KEYPRESS          	0                                 
    #define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_KEYBOARD_ONLY 
    
    ...
    
    static void gap_params_init(void)
    {
    uint32_t err_code;
    ble_opt_t static_pin_option;
    static_pin_option.gap_opt.passkey.p_passkey = (uint8_t *)pass.passkey;
    err_code = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &static_pin_option);
    APP_ERROR_CHECK(err_code);	
    

    Now I can pair and bond those 2 devices. It works fine. But I claim that if I clone the MAC on another device, I can connect to the central even though it was not bonded before. I checked it myself. Maybe I should use another type of passkey? Just tell me what I should do next, and where I should modify the code.

  • You need to capture a sniffer trace to see what actually happens over the air. Try to capture a complete session, including the first bonding between the normal peripheral and the central, then the reconnect between them, then the connection with the clone device.

    Have you verified that without bonding, you can't access the characteristic?
