• State Verified Answer
  • Replies 23 replies
  • Subscribers 73 subscribers
  • Views 6061 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 125997
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

can't bound with OOB bonding. SDK13 nRF52 S132

Mikhail

Hi!

I can't start project with OOB bonding. If I set settings like just works (MITM = 0, OOB =0), all works correct. But I need more security for bounding. For this reason I want to use OOB bonding. Or you can advise to me another mode for secure bounding.

I use on advertise size only MITM = 1, BOND = 1, OOB =1, like discribed here: link

On the central side I use PM, white list and same settings for OOB bound: MITM = 1, BOND = 1, OOB =1

And after start project, no bound central with peripherial. May be I have some wrongs when PM and white list init on central side?

void peer_manager_init(void)
{
ble_gap_sec_params_t sec_param;
ret_code_t err_code;

err_code = pm_init();
APP_ERROR_CHECK(err_code);

memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

sec_param.bond           = SEC_PARAM_BOND;
sec_param.mitm           = SEC_PARAM_MITM;
sec_param.lesc           = SEC_PARAM_LESC;
sec_param.keypress       = SEC_PARAM_KEYPRESS;
sec_param.io_caps        = SEC_PARAM_IO_CAPABILITIES; 
sec_param.oob            = SEC_PARAM_OOB;
sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
sec_param.kdist_own.enc  = 1;
sec_param.kdist_own.id   = 1;
sec_param.kdist_peer.enc = 1;
sec_param.kdist_peer.id  = 1;

err_code = pm_sec_params_set(&sec_param);
APP_ERROR_CHECK(err_code);

err_code = pm_register(pm_evt_handler);
APP_ERROR_CHECK(err_code);
}

I whitelist init after scan start:

void scan_start(void)
{
uint32_t flash_busy;

if(ble_conn_state_n_centrals() >= CENTRAL_LINK_COUNT)
	return;

scan_stop();

(void) fs_queued_op_count_get(&flash_busy);
if(flash_busy != 0)
    return;

ble_gap_addr_t whitelist_addrs[8];
ble_gap_irk_t  whitelist_irks[8];

memset(whitelist_addrs, 0x00, sizeof(whitelist_addrs));
memset(whitelist_irks,  0x00, sizeof(whitelist_irks));

uint32_t addr_cnt = (sizeof(whitelist_addrs) / sizeof(ble_gap_addr_t));
uint32_t irk_cnt  = (sizeof(whitelist_irks)  / sizeof(ble_gap_irk_t));

whitelist_load();

ret_code_t ret = pm_whitelist_get(whitelist_addrs, &addr_cnt, whitelist_irks, &irk

	m_scan_param.use_whitelist = (((addr_cnt == 0) && (irk_cnt == 0)) || (m_bonding)) ? 0 : 1;

	if(ble_conn_state_n_centrals() == 0)
	{
		m_scan_param.interval = BLE_GAP_SCAN_INTERVAL_MAX;
		m_scan_param.window		= BLE_GAP_SCAN_WINDOW_MAX;
	}
	else
	{
		m_scan_param.interval = SCAN_INTERVAL;
		m_scan_param.window		= SCAN_WINDOW;
	}
	
ret = sd_ble_gap_scan_start(&m_scan_param);
APP_ERROR_CHECK(ret);
}
  • 0

    Are you sure it's the static passkey ?

    What do you mean exactly by static passkey ? Have you used sd_ble_opt_set() with BLE_GAP_OPT_PASSKEY opt_id ? I have to ask because seems that the one who is generate passkey is the phone, not the central. Each time you bond the phone will generate a new passkey, not the same passkey (static passkey)

    It's really hard to help you if you don't understand the code.

    If you have a look at peer_manager_init() you can see the configuration of sec_param. Match that with what you see in the link I sent you:

    sec_param.bond = true;
sec_param.mitm = true;
sec_param.lesc = 0;
sec_param.keypress = 0;
sec_param.io_caps = BLE_GAP_IO_CAPS_KEYBOARD_ONLY;
sec_param.oob = false;

    On one device you set io_caps with KEYBOARD_ONLY, on the other device (peripheral for example) you set it with BLE_GAP_IO_CAPS_DISPLAY_ONLY

    Then you can pair the 2 device with passkey. Normal passkey, not static passkey. After you pass that step, we will continue with static passkey.

    " But repeat- possible after bond to clone mac to another pheripherial device and this cloned peripherial connect !!!! Karl !!! to central. " => I don't understand what you describe here. Bond information can't be cloned with just the mac address. Unless they have access to your device and clone the whole flash. Then it doesn't matter what type of bonding you have passkey or OOB or JustWork.

    Or if you want to say the clone device clone the address, then try to re-bond (remove old bond information and bond again), you can configure the central of not allowing re-pairing.

  • 0

    I use static passkey. I was try next configuration: Peripherial -

    #define SEC_PARAM_BOND                  1                                
#define SEC_PARAM_MITM                  1                                
#define SEC_PARAM_LESC                  0
#define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_DISPLAY_ONLY         
#define SEC_PARAM_OOB                   0 
...
static void gap_params_init(void)
{
uint32_t err_code;
ble_opt_t static_pin_option;
static_pin_option.gap_opt.passkey.p_passkey = (uint8_t *)pass.passkey;
err_code = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &static_pin_option);
APP_ERROR_CHECK(err_code);
...

    on central side I use next:

    #define SEC_PARAM_BOND                  1                                
#define SEC_PARAM_MITM                  1      
#define SEC_PARAM_LESC              	0                                 
#define SEC_PARAM_KEYPRESS          	0                                 
#define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_KEYBOARD_ONLY 

...

static void gap_params_init(void)
{
uint32_t err_code;
ble_opt_t static_pin_option;
static_pin_option.gap_opt.passkey.p_passkey = (uint8_t *)pass.passkey;
err_code = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &static_pin_option);
APP_ERROR_CHECK(err_code);

    Now I can pair and bond those 2 devices. Work fine. But I claim that if I clone MAC on another,I can connect to central despite was not bonded before. Check it himself. My be should use another type of passkey? Just tell me what should I do next? And where should modify in code?

  • 0 in reply to Mikhail

    By MAC, you mean the Bluetooth Address ?

    Any device can be connected to the central, there is no way to avoid that. But the link won't be encrypted if the clone device doesn't have the LTK.

    Make sure your characteristics would require encryption to be able to read or write. Using BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM() for attr_md.read_perm and attr_md.write_perm when you declare the service/characteristic instead of BLE_GAP_CONN_SEC_MODE_SET_OPEN()

  • 0 in reply to Mikhail

    MAC I mean the Bluetooth Address. Looks like MAC. with BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM() same result... any idea? I not need secure connection after pairing. I need bond with only bonded before peripherial. And thanks for help.

  • 0 in reply to Mikhail

    You need to capture a sniffer trace to see actually what happen over the air. Try to capture a complete session, including first bonding between normal peripheral and the central, then the reconnect between them, then the connection with the clone device.

    Have you verified that without bonding, you can't access the characteristic ?

Related
Terms of service