LESC unable to pair (SM_pairing_faill )

Hi Arepa,

Have you handled BLE_GAP_EVT_LESC_DHKEY_REQUEST event in your application ? Make sure you used the correct curve NRF_CRYPTO_BLE_ECDH_CURVE_INFO

Error 0x08 mean BLE_GAP_SEC_STATUS_DHKEY_FAILURE as it shown in the log.

Please make sure this message sequence chart is followed correctly.

Hi Hung, Yes, it handle the BLE_GAP_EVT_LESC_DHKEY_REQUEST and it is using the NRF_CRYPTO_BLE_ECDH_CURVE_INFO

case BLE_GAP_EVT_LESC_DHKEY_REQUEST:
	static nrf_value_length_t peer_public_key_raw = { 0 };

	peer_public_key_raw.p_value = &p_ble_evt->evt.gap_evt.params.lesc_dhkey_request.p_pk_peer->pk[0];
	peer_public_key_raw.length = BLE_GAP_LESC_P256_PK_LEN;

	err_code = nrf_crypto_ecc_public_key_from_raw(NRF_CRYPTO_BLE_ECDH_CURVE_INFO,
		&peer_public_key_raw,
		&m_peer_public_key);
	APP_ERROR_CHECK(err_code);

	err_code = nrf_crypto_ecdh_shared_secret_compute(NRF_CRYPTO_BLE_ECDH_CURVE_INFO,
		&m_private_key,
		&m_peer_public_key,
		&m_dh_key);
	APP_ERROR_CHECK(err_code);

	err_code = sd_ble_gap_lesc_dhkey_reply(connectionhandle, &m_lesc_dh_key);
	APP_ERROR_CHECK(err_code);
	break;	

it looks like my peripheral is not sending the SM_pairing_rsp. My device is sending all the message sequence chart except for the sm_pairing_rsp, what event handle it?

The sniffer indeed looks pretty strange. The slave didn't response to the pairing request and simply send pairing Confirm and Random. I suspect it could be the sniffer issue. Do you have the same problem with our example ble_app_multirole_lesc in the SDK ?

If you don't could you check and compare two sniffers trace ? One from ble_app_multirole_lesc and one from your application ?

Hi Hung, I took a capture for the ble_app_mulirole_lesc and I am comparing it with my app it looks pretty similar the differences are on: IOcap, AuthReq and pairing is failing.

The curious is I am using the same sec_parrams and it looks like is taking some different values because of the values in the sniffer capture. the ble_app_multirole_lesc works fine for me using nrf connect version PC.

Update:

I tried performing on nrf connect pairing with only MITM protection and Bonding, no LESC. It is pairing and encrypting my data, but I don't know if it is actually enabling LESC (I did not select it on the pairing windows on nrf connect).

Another thing. Running the ble_app_multirole_lesc example I cannot write/read the characteristics before pairing, on my application, it is not happening, it should be defined on the Characteristic definition or when initializing the services.

Hi Marco,

What is the difference in the code in your "my App" vs "my App with pairing rsp" ? Or it's just when the sniffer can and can't capture the pairing response ?

between 0x09 and 0x0D in AuthReq, the only difference is the MITM support. If you set MITM = 1 in your security params you should have 0x0D.

You can check the security level when you receive BLE_GAP_EVT_AUTH_STATUS to check if LESC is used or not.

As you can find the example worked fine, but not in yours I would suggest you to double check if there is any difference between your application and the example. I suspect it has something to do with how the DH keys is calculated.

When you set up a characteristic, and if you want the link to be encrypted before peer can read or write, you need to use one of these:

BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM

BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM

BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM

instead of BLE_GAP_CONN_SEC_MODE_SET_OPEN()